I want to build a web-based service that lets the user input some C code that the server will then compile and run and return results. I know, I know, security nightmare. So maybe I could go with chroot or lxc or something like that. There are good posts on * about those. Another option is to use programming contest software.
What I am doing isn't for general programming purposes though. Users will be able to add code to a few stub functions and that is it. They don't need to be able to use pointers or arrays or strings. They shouldn't be able to open/close/read/write files or sockets or shared memory. They can't even create their own functions. They should only be able to do the following:
- `//` style comments
- `/* */` style comments
- declare variables of type int, double, float, int64_t, int32_t, uint64_t, uint32_t
- for, while, do
- `+`, `-`, `*`, `/`, `%` arithmetic operators (`*` as dereference is NOT allowed)
- `( )`
- `+`, `-` unary operators
- `++`, `--` operators
- math functions like sin, cos, abs, fabs, etc
- a bunch of API functions that will exist
- switch, case, break
- `{ }`
- if, else, `==`, `!=`
- `=`, `+=`, `-=`, `*=`, `/=`, etc
Is there a tool I can use to check a given chunk of C code to make sure it contains only those elements?
If I can't find an existing solution I can use Antlr or something similar to come up with it myself.
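A token-level allowlist check for the element list in the question, as an added example (not code from the original post). The API names `api_read_sensor` and `api_set_output` are hypothetical, and the operator set mirrors the post's list exactly, so anything not on it (including `<` and `>`) is rejected.

```python
import re

TYPES = {"int", "double", "float", "int64_t", "int32_t", "uint64_t", "uint32_t"}
CONTROL = {"for", "while", "do", "switch", "case", "break", "if", "else"}
# Math functions named in the post plus two hypothetical API names (assumptions).
FUNCS = {"sin", "cos", "abs", "fabs", "api_read_sensor", "api_set_output"}
TOKEN = re.compile(
    r"(?P<num>(?:0[xX][0-9a-fA-F]+|\d+\.?\d*(?:[eE][+-]?\d+)?|\.\d+(?:[eE][+-]?\d+)?)[uUlLfF]*)"
    r"|(?P<id>[A-Za-z_]\w*)|(?P<op>\+\+|--|[-+*/%=!]=|[-+*/%=(){};,:])"
    r"|(?P<bad>\S)", re.ASCII)

def check_snippet(src):
    """Return a list of violations; an empty list means every token is allowlisted."""
    # Line splicing (backslash-newline) and trigraphs can extend or hide comments.
    if "\\" in src or "??" in src:
        return ["backslash or trigraph sequence"]
    src = re.sub(r"/\*.*?\*/|//[^\n]*", " ", src, flags=re.DOTALL)  # strip comments
    errors, declared, depth = [], set(), 0
    prev = prev_kind = decl_depth = None
    for m in TOKEN.finditer(src):
        kind, tok = m.lastgroup, m.group()
        nxt = src[m.end():].lstrip()[:1]  # next non-blank character
        if kind == "bad":
            errors.append(f"character {tok!r} not allowed")
        elif kind == "id" and tok in TYPES:
            decl_depth = depth  # a declaration (or cast) starts at this paren depth
        elif kind == "id" and tok in FUNCS and nxt != "(":
            errors.append(f"{tok} may only be called directly")
        elif kind == "id" and tok not in CONTROL | FUNCS:
            if prev in TYPES or (prev == "," and decl_depth == depth):
                declared.add(tok)
            if tok not in declared:
                errors.append(f"identifier {tok!r} not allowed")
            elif nxt == "(":
                errors.append(f"{tok}: defining or calling own functions not allowed")
        elif tok == "*" and not (prev_kind == "num" or prev in declared or prev == ")"):
            # Not after an operand: dereference or pointer declarator ('x++ * y' needs parens).
            errors.append("unary '*' not allowed")
        elif tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
            if decl_depth is not None and depth < decl_depth:
                decl_depth = None
        elif tok == ";":
            decl_depth = None
        prev, prev_kind = tok, kind
    return errors

SAMPLE = "int i; for (i = 0; i != 3; i++) api_set_output(sin(i) * 2);  // ok"  # constructed
```

The check only constrains which tokens appear; the compiler still has to accept the snippet, and runtime behaviour such as a non-terminating loop is outside its scope.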
1 solution
#1
1
For a real-world example of a web service that runs user code, check out the Travis CI continuous integration service. Open-source projects use it to run their unit tests in a centralized manner. The Travis process goes a bit like this:
- Fire up a brand-new VM from a known-good configuration.
- Load and compile the user code.
- Run the tests and display results.
- Discard the VM.
There is a time limit (10 minutes IIRC) to prevent people from running botnets on the system, but other than that, the VMs are fully functional and connected to the Internet. No need for restricted syntax or other artificial limitations.
The idea to keep in mind is that you'll never be able to keep a server secure from the horrors of user code, no matter how much you restrict the user. The alternative is just assuming the server is completely ruined the moment it's touched by user code and then just trash it, which is what Travis does. VM software usually has snapshot functionality to help with this kind of thing.