[Edu-sig] chroot jail or sandbox?
Seth David Schoen
schoen@loyalty.org
Sun, 28 Apr 2002 21:30:02 -0700
Louis Bertrand writes:
> Hello,
>
> I'm exploring the idea of having my students
> submit their programming assignments through
> a Web dropbox and having those assignments
> automatically marked by a script that runs
> the submitted program with pre-arranged
> test data, catching any boo-boos with exceptions.
>
> Here's the problem: this plan violates the secure
> programming principle that you should never treat
> data as code and I might be leaving myself
> open for some serious malware.
>
> Does anyone have any experience with restricting the
> privileges of a running Python program?
>
> As a first pass, I would:
> * run Python in a chroot(2) jail
> * load the jail with only the bare minimum to run Python
> and remove networking and os modules (at least).
> * scan the submitted programs for usage of sys.path.
"Scanning the submitted programs" for anything is always tougher
than it sounds. Just looking at that one example, it's easy to
disguise a reference to sys.path:
import sys as fun
forbidden = fun.path
or alternatively, a much more complicated approach,
import sys, md5
forbidden = eval("sys."+filter(lambda x:md5.md5(x).hexdigest()=='d6fe1d0be6347b8ef2427fa629c04485',dir(sys))[0])
or a way to avoid mentioning the "sys" part:
import sys
i = ""
for i in globals().values():
    try:
        i.getrecursionlimit
        fooled_you = i.path
        break
    except: pass
--
Seth David Schoen <schoen@loyalty.org> | Reading is a right, not a feature!
http://www.loyalty.org/~schoen/ | -- Kathryn Myronuk
http://vitanuova.loyalty.org/ |
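An added example, not code from either poster: it puts the three disguises quoted above through the literal `sys.path` text scan from the original plan and through an AST-level import allowlist, then runs a submission with the pre-arranged test data under OS resource limits (the "restrict the privileges of a running Python program" step). The allowlist contents, the limit values and the `grade` verdict strings are assumptions; the snippets are embedded verbatim from the message and are parsed, never executed. It needs Unix (`resource` module); the chroot itself is not shown because it requires root.

```python
# Added example (not from the original thread): AST import check beside the
# naive text scan it replaces, plus a rlimit-restricted runner for the
# "run it with test data" step. Unix/Linux only (resource module).
import ast
import os
import resource
import subprocess
import sys
import tempfile

# The three disguises quoted in the message above, as constructed test inputs
# (the md5 hex string is the one from the message). Parsed only, not executed.
DISGUISED = {
    "alias": "import sys as fun\nforbidden = fun.path\n",
    "hashed": (
        "import sys, md5\n"
        "forbidden = eval(\"sys.\"+filter(lambda x:md5.md5(x).hexdigest()"
        "=='d6fe1d0be6347b8ef2427fa629c04485',dir(sys))[0])\n"
    ),
    "globals": (
        "import sys\n"
        "for i in globals().values():\n"
        "    try:\n"
        "        i.getrecursionlimit\n"
        "        fooled_you = i.path\n"
        "        break\n"
        "    except: pass\n"
    ),
}

ALLOWED_MODULES = frozenset({"math", "random", "string"})  # assumed course allowlist


def naive_scan(source):
    """The text scan from the original plan: look for the literal 'sys.path'."""
    return "sys.path" in source


def imported_modules(source):
    """Top-level names of every module the source imports, taken from the AST,
    so an alias or an eval'd attribute name cannot hide the import itself."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            names.add(node.module.split(".")[0])
    return names


def disallowed_imports(source, allowed=ALLOWED_MODULES):
    """Modules outside the allowlist; non-empty means reject before running.
    Caveat: __import__ or getattr on builtins is not an Import node and slips
    past this, so it is a pre-filter, not the sandbox."""
    return imported_modules(source) - allowed


def _apply_limits():
    # Runs in the child between fork and exec: 1 s CPU, 512 MiB address space.
    resource.setrlimit(resource.RLIMIT_CPU, (1, 1))
    resource.setrlimit(resource.RLIMIT_AS, (512 * 2**20, 512 * 2**20))


def run_submission(source, stdin_data, wall_timeout=5):
    """Run a submission as a separate interpreter in isolated mode (-I),
    feed it the test input, and classify the outcome."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "submission.py")
        with open(path, "w") as fh:
            fh.write(source)
        try:
            proc = subprocess.run(
                [sys.executable, "-I", path],
                input=stdin_data, capture_output=True, text=True,
                timeout=wall_timeout, cwd=workdir, preexec_fn=_apply_limits,
            )
        except subprocess.TimeoutExpired:
            return {"status": "timeout", "stdout": ""}
    if proc.returncode == 0:
        status = "ok"
    elif proc.returncode < 0:
        status = "killed"      # died of a signal, e.g. SIGXCPU from the CPU limit
    else:
        status = "error"       # uncaught exception or sys.exit(n)
    return {"status": status, "stdout": proc.stdout}


def grade(source, stdin_data, expected_stdout):
    """Full pipeline: reject disallowed imports, else run and compare output."""
    bad = disallowed_imports(source)
    if bad:
        return "rejected: imports " + ", ".join(sorted(bad))
    result = run_submission(source, stdin_data)
    if result["status"] != "ok":
        return "failed: " + result["status"]
    return "pass" if result["stdout"] == expected_stdout else "fail: wrong output"


if __name__ == "__main__":
    for name, src in DISGUISED.items():
        print(name, "naive:", naive_scan(src), "ast:", sorted(disallowed_imports(src)))
    print(grade("print(int(input()) * 2)\n", "21\n", "42\n"))
    print(grade("while True:\n    pass\n", "", ""))
```

The text scan returns False for all three snippets while the AST check flags `sys` in each, because every disguise still has to spell `import sys` somewhere. The rlimits are what actually bound a hostile submission (CPU and memory here; a chroot and dropped privileges would sit at the same layer), which is why the import check is only a cheap first gate.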