as per Using ptrace to write a program supervisor in userspace, I’m attempting to create the program supervisor component of an online judge.
What system calls would I need to block totally, always allow or check the attributes of to:
- Prevent forking or runing other commands
- Restrict to standard ‘safe’ C and C++ libs
- Prevent net access
- Restrict access to all but 2 files ‘in.txt’ and ‘out.txt’
- Prevent access to any system functions or details.
- Prevent the application from escaping its supervisor
- Prevent anything nasty.
Thanks any help/advice/links much appreciated.
From a security perspective, the best approach is to figure out what you need to permit rather than what you need to deny. I would recommend starting with a supervisor that just logs everything that a known-benign set of programs does, and then whitelist those syscalls and file accesses. As new programs run afoul of this very restrictive sandbox, you can then evaluate loosening restrictions on a case-by-case basis until you find the right profile.
This is essentially how application sandbox profiles are developed on Mac OS X.