How to implement a sandbox for an online

2018-06-23 16:19:06

OJ(Online Judge)s allow users to upload arbitrary code snippet to execute on the server, but it also has a sandbox to prevent malicious code from running. For instance, on leetcode, if I submit this code in python:

import subprocess
res = subprocess.check_output(["ls", "/"])
print res

It returns:

Line 36: OSError: [Errno 11] Resource temporarily unavailable

If I want to implement the OJ system in python, is there any way to monitor the system calls of a sub-process, and forbid certain calls?

I have searched around, most posts mentioned either using ptrace or running the script within a virtual machine. I am wondering if there is a better approach.

Note: Since OJs support uploading programs of different languages (C/python/Java), restricting the python code (like exec the code in a limited scope) does not work.

链接地址: http://www.djcxy.com/p/66378.html

上一篇: 以编程方式用ptrace修改全局变量

下一篇: 如何实现在线沙箱