Execute external Java source code on server - limi

Published 2020-07-06 08:35

Question:

I'm thinking about building a simple online service where people can solve programming exercises by submitting their solution, in form of source code, to my server where it is then interpreted/compiled and executed/tested.

By using the Java VM I could offer support for Java, Scala, Clojure, Ruby, Python and Javascript out of the box. But when I think about it in detail I'm afraid I don't know how to limit a script's resources and permissions.

I mean it should not be able to

  • write to disk
  • create more than X threads
  • run more than X seconds
  • use more than X MB memory
  • execute external applications
  • etc

How can I put each script in a sandbox?

From what I've read the SecurityManager doesn't seem to be able to do all that...

Answer 1:

Well, you can use some general security system to ensure safe code execution like AppArmor or SELinux. It works not only for java, python, etc. applications, but also for bash-scripts, binary executables and so on. Haven't worked at all with SELinux, but this is a simple example of AppArmor security profile which does everything you mentioned except "running more than X seconds" - this can be done by timeout mechanism (I'm a new user, so cannot post a second link here O_o..)

#include <tunables/global>

/path/to/executable {
  #include <abstractions/base>

  # http://linux.die.net/man/2/setrlimit

  # limit memory (address space)
  set rlimit as <= 150M,
  # limit core dump file http://linux.die.net/man/5/core
  set rlimit core <= 2M,
  # allow to create files only this size at max
  set rlimit fsize <= 1M,
  # limits number of threads (fork bomb won't go! :))
  set rlimit nproc <= 10,
  # program will have access to stuff defined in abstractions/base and
  # to the file defined below. Nothing else.
  /path/to/file.txt rw,
}

What about putting each script in a sandbox - you can create several identical profiles for script1, script2 etc. This is also the way if you want different permissions for different exercises people will solve on your site.

And this is an example of using timeout:

$sudo apt-get install timeout
$timeout 3 ./binary #limits execution of ./binary to 3 seconds

I also want to recommend you limit compilation time for compiled programming languages if you have any. For example, in C++ someone can write a tricky template or

#include </dev/urandom>

That will cause cpu-intensive work at compile-time.
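The profile and the timeout call in the answer above express the same idea on two levels: per-process resource limits (setrlimit) and a wall-clock cap from outside the process. The launcher below is an added example, not code from the answerer or from any project: it applies the same four rlimits from the profile (address space, core, fsize, nproc) in the child via setrlimit(2), enforces the time cap the way `timeout` does, and bounds the output it keeps. It assumes Linux and a python3 interpreter, the caps in `LIMITS` are constructed values, and the "submissions" in `demo()` are constructed `python -c` one-liners. Unlike the AppArmor profile it does not confine filesystem access beyond running in a scratch directory, so it complements rather than replaces a mandatory-access-control profile.

```python
# Added example (not from the original answer): the rlimits declared in the
# AppArmor profile above, applied from a Python launcher, plus a wall-clock
# timeout and an output cap. Assumes Linux and a python3 interpreter.
import os
import resource
import shutil
import signal
import subprocess
import sys
import tempfile

MB = 1024 * 1024
PYTHON = sys.executable  # the runtime the constructed submissions are run with

# Constructed caps mirroring the profile: address space, core dump size,
# largest file a write may produce, and number of processes/threads.
LIMITS = {
    resource.RLIMIT_AS: 1024 * MB,
    resource.RLIMIT_CORE: 0,
    resource.RLIMIT_FSIZE: 1 * MB,
    resource.RLIMIT_NPROC: 16,
}


def _apply_limits():
    # Runs in the child between fork() and exec(). Soft == hard means the
    # submitted program cannot raise the cap again. Never ask for more than
    # the inherited hard limit, or setrlimit() fails and the launch aborts.
    for res, cap in LIMITS.items():
        _, hard = resource.getrlimit(res)
        if hard != resource.RLIM_INFINITY:
            cap = min(cap, hard)
        resource.setrlimit(res, (cap, cap))


def run_limited(argv, seconds=3):
    """Run argv in a scratch directory under LIMITS and a wall-clock timeout.

    Returns a dict with status ("ok", "error" or "timeout"), the exit code
    and the first 4 KiB of stdout/stderr; unbounded output is itself a
    resource the submission must not control.
    """
    workdir = tempfile.mkdtemp(prefix="sandbox-")
    try:
        proc = subprocess.Popen(
            argv,
            cwd=workdir,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            env={"PATH": "/usr/bin:/bin"},  # do not leak the server's environment
            preexec_fn=_apply_limits,
            start_new_session=True,  # own process group, so helpers die with it
        )
        try:
            out, err = proc.communicate(timeout=seconds)
            status = "ok" if proc.returncode == 0 else "error"
        except subprocess.TimeoutExpired:
            os.killpg(proc.pid, signal.SIGKILL)  # pid == pgid after setsid()
            out, err = proc.communicate()
            status = "timeout"
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
    return {
        "status": status,
        "returncode": proc.returncode,
        "stdout": out.decode(errors="replace")[:4096],
        "stderr": err.decode(errors="replace")[:4096],
    }


def demo():
    """Exercise each limit with a constructed submission (python -c ...)."""
    return {
        "well_behaved": run_limited([PYTHON, "-c", "print(2 + 2)"])["status"],
        "endless_loop": run_limited([PYTHON, "-c", "while True: pass"], seconds=1)["status"],
        # 4 GiB request against a 1 GiB address-space cap -> MemoryError
        "memory_hog": run_limited([PYTHON, "-c", "x = bytearray(4 * 1024 ** 3)"])["status"],
        # 4 MiB write against a 1 MiB fsize cap -> EFBIG / SIGXFSZ
        "disk_filler": run_limited(
            [PYTHON, "-c", "open('big', 'wb').write(b'x' * (4 * 1024 ** 2))"])["status"],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:13s} -> {status}")
```

Two details matter in practice: the limits are set after fork and before exec, so they bind the submission and anything it spawns but not the server itself, and the child gets its own session so a timeout kills the whole process group rather than only the first process.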



Answer 2:

You can use the java scripting API. Many languages can be used as script, Java too. Also it does not require much programming to wrap a language with the scripting API. http://worldwizards.blogspot.com/2009/08/java-scripting-api-sandbox.html indicates how to provide sandboxing.



Answer 3:

You have described a JVM port that is similar to the whitelisted classes enabled by the google app engine.

There is an excellent explanation of how you could sandbox a JVM here : How does google app engine sandbox work?



Tags: java security