Implement sandbox(es) for Windows #83
Labels: cat:worker (Related to the back-end worker), enhancement (New feature or request), go (Pull requests that update Go code), priority:low (Low priority: Mostly for the future)
Is your feature request related to a problem? Please describe.
It seems like an open-source sandbox for competitive programming has yet to appear. If kjudge is to support Windows, native sandboxing is a must.
Describe the solution you'd like
Below are a few solutions that can be considered.
Temporary user account
Create a temporary user account for executing the code. This account will have very limited access to file and folders present on the user's machine. Memory limits and other restrictions will be enforced using Windows Job Objects. This seems to be the solution used by many judging systems.
Advantages
Compatibility: Compatible with every Windows version known to man in use.
Disadvantages
Reinventing the wheel: This solution will require excessive penetration testing.
Vulnerable to tampering by outside apps: This is half of the sandbox's purpose. Also, AVs such as Kaspersky are notorious for deleting compiled executables, simply because they do not have a certificate.
Security through obscurity: This is essentially patching every hole manually, so chances are it cannot be open-sourced.
Chromium sandbox
See here for the introduction of the Chromium Sandbox. In short, this sandbox is for running renderers, which are exposed to untrusted data and can be compromised.
Advantages
Should be easy enough to use.
Safe
Disadvantages
There is no documentation for this sandbox. Since memory limits and time limits are not implemented, we will have to configure the call to Windows Job Objects.
HCS/Moby
See HCSShim and Moby for details. In short, we are basically firing up Docker Containers for every test.
Advantages
Safe
Behaviour similar to isolate: the Host Compute Service (HCS) was created with the intention to imitate Linux's cgroups and other access-limit services, which is how isolate functions.
Has half-decent docs: The docs generated on pkg.go.dev are sufficient to understand the inner workings of the code.
Disadvantages
Big code size: I haven't looked into the actual size of the executable, but I imagine it wouldn't be very lightweight.
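Both the temporary-account option and the Chromium option above defer memory and time limits to Windows Job Objects. The following is an added example, not kjudge code, showing the job configuration a judge would make: struct layouts and flag constants come from the Win32 headers, while the `JobSandbox.Run` signature and its limit parameters are my own. It is written in C# for the P/Invoke convenience; the same three calls exist in golang.org/x/sys/windows for the Go worker.

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
static class JobSandbox   // added example, not kjudge code
{
    [StructLayout(LayoutKind.Sequential)] struct BasicLimits
    {   // field order and widths follow JOBOBJECT_BASIC_LIMIT_INFORMATION in winnt.h
        public long PerProcessUserTimeLimit, PerJobUserTimeLimit;   // 100-ns ticks
        public uint LimitFlags; public UIntPtr MinimumWorkingSetSize, MaximumWorkingSetSize;
        public uint ActiveProcessLimit; public UIntPtr Affinity; public uint PriorityClass, SchedulingClass;
    }
    [StructLayout(LayoutKind.Sequential)] struct IoCounters { public ulong R, W, O, RB, WB, OB; }
    [StructLayout(LayoutKind.Sequential)] struct ExtendedLimits   // JOBOBJECT_EXTENDED_LIMIT_INFORMATION
    {
        public BasicLimits Basic; public IoCounters Io;
        public UIntPtr ProcessMemoryLimit, JobMemoryLimit, PeakProcessMemoryUsed, PeakJobMemoryUsed;
    }
    const int JobObjectExtendedLimitInformation = 9;
    const uint LIMIT_PROCESS_TIME = 0x1, LIMIT_ACTIVE_PROCESS = 0x8, LIMIT_JOB_MEMORY = 0x200,
               LIMIT_DIE_ON_UNHANDLED_EXCEPTION = 0x400, LIMIT_KILL_ON_JOB_CLOSE = 0x2000;
    [DllImport("kernel32.dll", SetLastError = true)] static extern IntPtr CreateJobObjectW(IntPtr attrs, IntPtr name);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool SetInformationJobObject(IntPtr job, int cls, ref ExtendedLimits info, int len);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool AssignProcessToJobObject(IntPtr job, IntPtr process);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool CloseHandle(IntPtr h);
    // Runs `exe args` under the limits and returns its exit code, or -1 if the wall-clock limit was hit.
    // A CPU-time kill surfaces as exit code 1816 (ERROR_NOT_ENOUGH_QUOTA); a memory limit makes allocations fail.
    public static int Run(string exe, string args, int cpuMillis, long memBytes, uint maxProcs, int wallMillis)
    {
        IntPtr job = CreateJobObjectW(IntPtr.Zero, IntPtr.Zero);   // anonymous job: nothing else can open it by name
        if (job == IntPtr.Zero) throw new InvalidOperationException("CreateJobObject: " + Marshal.GetLastWin32Error());
        try {
            var lim = new ExtendedLimits();
            lim.Basic.LimitFlags = LIMIT_PROCESS_TIME | LIMIT_ACTIVE_PROCESS | LIMIT_JOB_MEMORY
                                 | LIMIT_DIE_ON_UNHANDLED_EXCEPTION | LIMIT_KILL_ON_JOB_CLOSE;   // no WER dialog on crash
            lim.Basic.PerProcessUserTimeLimit = cpuMillis * 10_000L;   // ms -> 100-ns ticks
            lim.Basic.ActiveProcessLimit = maxProcs;                     // caps fork bombs
            lim.JobMemoryLimit = (UIntPtr)(ulong)memBytes;               // committed memory of the whole job
            if (!SetInformationJobObject(job, JobObjectExtendedLimitInformation, ref lim, Marshal.SizeOf(typeof(ExtendedLimits))))
                throw new InvalidOperationException("SetInformationJobObject: " + Marshal.GetLastWin32Error());
            var p = Process.Start(new ProcessStartInfo(exe, args) { UseShellExecute = false });
            // Assigning after Start leaves a short unconfined window; a real judge should CreateProcess with
            // CREATE_SUSPENDED, assign, then ResumeThread. Before Windows 8 this also fails if the child is already in a job.
            if (!AssignProcessToJobObject(job, p.Handle)) { p.Kill(); throw new InvalidOperationException("AssignProcessToJobObject: " + Marshal.GetLastWin32Error()); }
            if (!p.WaitForExit(wallMillis)) { p.Kill(); return -1; }   // wall-clock limit stays with the judge
            return p.ExitCode;
        }
        finally { CloseHandle(job); }   // KILL_ON_JOB_CLOSE: any surviving children die with the last job handle
    }
}
```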