I'm currently writing an automatic source code validation tool. Basically students have to upload their C# source code files as a solution for different tasks. The server compiles these files within a framework and checks the program against different input files. If the output the program generates is valid (equal to the predefined output) the program is valid and the student gets points for the program.

But I don't think I can trust the students ;) They might try to gain file access or execute other bad things on the server.

What can I do to restrict access to a minimum?
What do I need to consider?

Already thought about:

  • file access
  • max. execution time
  • starting other programs
  • doing networking stuff
  • reflection

Currently the only way of checking the code I could imagine was to search it for keywords like "File", "Net", "Process", ... using regular expressions.

But I'm pretty sure that this is VERY unsecure.
Any suggestions?

raisyn
  • Just to double-check, you are planning to give the student that breaks your sandbox an A+? Very puzzling that you wouldn't make it an assignment for them. Anyhoo, I'll gladly take their resume. – Hans Passant May 12 '12 at 22:15
  • Well, most of them are beginners but when they get better... If a student is able to break the sandbox and leave a text file with the info he breaks it on the server everything is fine and he gets an A+, but I don't want them to crash the server. – raisyn May 12 '12 at 22:18

4 Answers

If it's just the security aspect you should compile and run the programs in a sandbox. Consider a virtualized machine if you have access to one. Scanning the source code for security exploits sounds like quite the task (and frankly if the student is able to achieve an exploit while getting the code to output correctly then you should consider bonus points :P)

Parker
  • That would be a solution, but with a lot of overhead, and also tricky to get the files in and out of the virtual machine, and restarting if something goes wrong. – raisyn May 12 '12 at 22:24

If you are willing to use Roslyn CTP, you may take a look at Compilify. You won't need scaling infrastructure; the key part is creating the sandbox.

driushkin

One thing you could also do is to run the compilation as a new System.Diagnostics.Process user with very limited permissions. This won't protect against infinite loops and such, but you should probably be checking for that manually as well in your own program because even a novice programmer could submit an accidental infinite loop.

http://www.curlybrace.com/words/2009/06/04/run-external-application-as-another-user-in-c/

Chad Stewart

Compilation of the students' source should not pose any security risks by itself; however, executing the students' code requires a sandbox as the code is untrusted. AppDomains can be used for this purpose and can be assigned specific permissions (such as Execution or FileIO). See this article on MSDN. You may want to add some facility to execute the target code on another thread so that you can abort it if it times out.

If you are worried about students crashing the program (e.g. an infinitely recursive call that causes a StackOverflowException) then you will have to do all the above in a separate host process that can communicate back to your main application.

Update

Actually, compilation could pose a problem as msbuild can execute arbitrary code via tasks in the proj file. I don't think that running the compiler (csc.exe) would pose a problem though, but you would have to build the command line yourself.

Mike Zboray
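
The separate host process with a time limit that the answers above describe, as an added example (not code from any answer). The names SubmissionRunner and Verdict and the 2000 ms limit are assumptions; it covers timeouts and crash isolation only, so file and network access still need the limited account or virtual machine the answers mention.

```csharp
using System;
using System.Diagnostics;
using System.Threading.Tasks;

// Added example: grade one compiled submission in a child process.
static class SubmissionRunner
{
    public enum Verdict { Accepted, WrongAnswer, RuntimeError, TimeLimitExceeded }

    public static Verdict Run(string exePath, string input, string expected, int timeoutMs)
    {
        var psi = new ProcessStartInfo(exePath)
        {
            UseShellExecute = false,   // required for redirection (and for UserName/Password)
            RedirectStandardInput = true,
            RedirectStandardOutput = true,
            CreateNoWindow = true
        };
        // To run under a low-privileged Windows account, also set psi.UserName and psi.Password.
        using (var proc = Process.Start(psi))
        {
            // Drain stdout asynchronously so a chatty child cannot block on a full pipe.
            Task<string> stdout = proc.StandardOutput.ReadToEndAsync();
            // Feed input from a worker task: a child that never reads stdin must not stall the grader.
            Task.Run(() =>
            {
                try { proc.StandardInput.Write(input); proc.StandardInput.Close(); }
                catch (Exception) { /* child exited or closed stdin early */ }
            });

            if (!proc.WaitForExit(timeoutMs))
            {
                try { proc.Kill(); } catch (Exception) { /* exited in the meantime */ }
                return Verdict.TimeLimitExceeded;   // infinite loop or too slow
            }
            // A crash (e.g. StackOverflowException) ends only the child, with a non-zero exit code.
            if (proc.ExitCode != 0) return Verdict.RuntimeError;
            bool same = Normalize(stdout.Result) == Normalize(expected);
            return same ? Verdict.Accepted : Verdict.WrongAnswer;
        }
    }

    static string Normalize(string s) { return s.Replace("\r\n", "\n").TrimEnd(); }

    static void Main(string[] args)   // usage: runner.exe <submission.exe> <input.txt> <expected.txt>
    {
        var v = Run(args[0], System.IO.File.ReadAllText(args[1]), System.IO.File.ReadAllText(args[2]), 2000);
        Console.WriteLine(v);
    }
}
```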