0

I want to take C/C++ source file from users and I then I will make executable of them using gcc command in linux. And then I will provide input to this executable and redirect the output to another file. And I have a sample output file with which I will check the produced output to take decision regarding wrong or correct answer. In a word I want to make online judge wesite.

But I do not know how to handle infinite loops problem provided by user. Like let a user has submitted the following code..

while(1){

}

I know there will be a lot more threats but how do I handle those problem. I want to know how to people make online judge websites like uva online judge or others. If anybody of you have idea please help me.

Paul Lo
  • 6,032
  • 6
  • 31
  • 36
user2958359
  • 121
  • 1
  • 7
  • 15

4 Answers4

4

To be completely honest: Don't.

If you are having trouble with timeouting it, you'll shoot yourself a ginormous security hole, by all the malicious code users can have your server execute. I have no idea how the people over at ideone.com handle malicious code, but it's probably not trivial.

Instead of reinventing the wheel, just use one of the existing sites or have your code sanity checked by a person (if it's a submission to some kind of challenge).

Even if you kill the main process after a bit, nobody guarantees that it cannot launch background processes and start (e.g.) mining bitcoins for as long as it pleases.

bitmask
  • 32,434
  • 14
  • 99
  • 159
  • is there any site so that I can use their compiler to make my own website ?? – user2958359 Dec 10 '13 at 16:39
  • Ask the people at codepad.org, ideone.com and pastebin.com (in that order) or google for more services, but I'm sceptical that you'll find an out-of-the box web-compiler interface. – bitmask Dec 10 '13 at 16:50
2

Take a look here, basically what you've got to do is set a timeout. If the timeout expires, the process which is executing the executable, will get killed.

To respond @bitmask , which is completely right, security IS an issue. Yet you can step over by creating a sandbox and assigning fine permissions.

Community
  • 1
  • 1
Kei
  • 771
  • 6
  • 17
1

For a code judging website? It's kind of a naive solution, but you can probably get by with the timeout command if you have a strict time limit specified. You'd just need to install it and run compiled programs through it.

EPB
  • 3,939
  • 1
  • 24
  • 26
  • can you please tell me or give any hint to making the process more efficient . I really need help on this regard. – user2958359 Dec 10 '13 at 16:29
  • timeout itself is low overhead and efficient, but I meant that it's naive because there's lots of other things to worry about in running untrusted code that aren't handled by timeout'ing alone. Like the concerns in bitmask's answer. timeout could well be part of a larger solution, and handles the specific case you mentioned, but there are other problems that'll need to be addressed as well. – EPB Dec 10 '13 at 17:49
1

Timebox it. Spawn the compilation as a separate process/job and kill it after N seconds, returning an appropriate error to the user.

Duncan Smith
  • 530
  • 2
  • 10