{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 干净又极端 的问题《How to limit file permissions of a program》','https://www.manongdao.com/q-1368532.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am a student that wants to design an online judge system.
I have a problem: In order to keep the server safe, I must make the program not have rights to read or write any files The program is what another user submits through the online judge system. It isn't the sever program itself.
The users of the online judge system submit their source code, then the server program compiles and runs it. So the server program must keep the server safe.
My platform is Windows, I use C++ for my programming.
Can anyone give me some suggestions?
You cannot easily prevent what a program itself does and it is not possible to verify that the program is non-malevolent.
What you can do: Run the program as a user with limited (close to non) access-rights. Your server program needs to become that user and execute the program it has compiled. You possibly want to also use that user-account to actually compile the program (in the unlikely case someone knows how to exploit your compiler).
The windows command to execute a program as a different user is:
runas.You can change the permissions of files and directories, and then use CreateProcessAsUser to run the programs submitted by users as a user with limited (close to non) access-rights.