[Edu-sig] chroot jail or sandbox?

Dustin Mitchell dustin@ywlcs.org
Wed, 24 Apr 2002 20:56:53 -0500


On Wed, Apr 24, 2002 at 06:52:14PM -0400, Louis Bertrand wrote:
> Hello,
> 
> I'm exploring the idea of having my students 
> submit their programming assignments through 
> a Web dropbox and having those assignments 
> automatically marked by a script that runs 
> the submitted program with pre-arranged 
> test data, catching any boo-boos with exceptions.
> 
> Here's the problem: this plan violates the secure 
> programming principle that you should never treat 
> data as code and I might be leaving myself 
> open for some serious malware.
> 
> Does anyone have any experience with restricting the 
> privileges of a running Python program?

Yes, but don't trust any of them.  Any such restriction is like trying to
stop a river .. it's going to get through eventually.

I would suggest that you look into, e.g., rexec[1], but construct your web
dropbox such that *you* review the code before executing it.  That is,
students drop it in and it's timestamped.  Then you come along whenever,
enter some password, and are presented with a list of ungraded submissions.
You call one up, look over the code, and decide to press or not press the
"run" button.  Rexec will catch anything straightforward, and likely anything
tricky enough to get around rexec will stick out like a sore thumb in your
reading of the code.

Dustin

[1] http://www.python.org/doc/current/lib/module-rexec.html

-- 

  Dustin Mitchell
  dustin@ywlcs.org
  http://people.cs.uchicago.edu/~dustin/
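The review-then-run workflow above still needs the "run" step itself to be contained. The following is an added example, not code from this thread: a grading harness that runs a submission in its own process with pre-arranged stdin data and kernel-enforced CPU, memory and process limits, and turns uncaught exceptions and runaway loops into a zero score. It uses `subprocess` plus `resource` limits rather than the `rexec` module (later removed from Python), assumes a Unix host, and the test cases and sample submissions are constructed.

```python
"""Grading harness for the review-then-run dropbox: when the instructor
presses "run", the submission executes in its own OS process under kernel
resource limits with pre-arranged stdin data. Added example, not code from
the thread; it uses subprocess + resource limits rather than rexec."""
import os, resource, subprocess, sys, tempfile

# Constructed test data: (stdin fed to the program, expected stdout).
TEST_CASES = [("3 4\n", "7\n"), ("10 -2\n", "8\n")]
# Constructed sample submissions: correct, raises an exception, never halts.
GOOD = "a, b = map(int, input().split())\nprint(a + b)\n"
BAD = "a, b = map(int, input().split())\nprint(a // 0)\n"
LOOP = "while True:\n    pass\n"

def _limit_resources():
    # Runs in the child after fork, before exec; the kernel enforces these
    # even if the submitted code tries to work around the harness.
    resource.setrlimit(resource.RLIMIT_CPU, (2, 2))                 # CPU seconds
    resource.setrlimit(resource.RLIMIT_AS, (512 << 20, 512 << 20))  # 512 MiB
    resource.setrlimit(resource.RLIMIT_NPROC, (0, 0))               # no fork fan-out

def run_submission(source, stdin_data, timeout=3.0):
    """Run `source` in a separate process; return (status, stdout, stderr).
    status: "ok", "error" (non-zero exit: uncaught exception or killed by a
    limit) or "timeout" (wall clock, which also catches sleep loops)."""
    with tempfile.NamedTemporaryFile("w", suffix=".py", delete=False) as f:
        f.write(source)
        path = f.name
    try:
        proc = subprocess.run(
            [sys.executable, "-I", path],  # -I: isolated mode, no env/user site
            input=stdin_data, capture_output=True, text=True,
            timeout=timeout, preexec_fn=_limit_resources)
    except subprocess.TimeoutExpired:
        return "timeout", "", ""
    finally:
        os.unlink(path)
    return ("ok" if proc.returncode == 0 else "error"), proc.stdout, proc.stderr

def grade(source, cases=TEST_CASES):
    """Score a submission over all cases; errors and timeouts score zero."""
    passed, report = 0, []
    for stdin_data, expected in cases:
        status, out, err = run_submission(source, stdin_data)
        if status == "ok" and out == expected:
            passed += 1
            report.append("pass")
        else:
            last = err.strip().splitlines()[-1] if err.strip() else ""
            report.append(f"{status}: {last}")
    return passed, report
```

The limits stop a submission from hogging the grader, but they are no substitute for the code review step: a process run this way still has the grader's filesystem and network access.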