weixin_39839478
weixin_39839478
2020-12-26 02:36

Sandboxed compilation

Compilation should be sandboxes. I have heard of a few loopholes during the last contest: some compilers allow code execution at compile time.

jmcarthur has successfully proven this with haskell. Even though we patched that haskell problem, I heard that this is also possible with CL.

They might be possible with others as well. Instead of risking it, I propose to sandbox the compilation step as well.

该提问来源于开源项目:aichallenge/aichallenge

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

4条回答

  • weixin_39839478 weixin_39839478 4月前

    Is this done?

    点赞 评论 复制链接分享
  • weixin_39634022 weixin_39634022 4月前

    edit: I should have used the compiler arguments from compile.py :-( Anyway, I'm at work currently so I can't rerun the tests right now.

    The following starter bots compiled and handled the sample bot input and output from the wiki. I did not use the -j option, since it would take too much configuration on my work machine (so I don't know how relevant this test is): - C++ (sandbox.py make) - Common Lisp (sandbox.py "sbcl --script MyBot.lisp") - Java (sandbox.py make) - OCaml (sandbox.py "ocamlbuild MyBot.native")

    Did not compile: - Scala (sandbox.py "scalac *.scala"): did not produce any class-files.

    Untested: - C (empty dir) - D (D compiler not available for my dist) - Go (no idea what to set GOROOT to after installing gccgo-4.6) - Haskell (empty dir) - JavaScript (interpreted) - LOLCODE (compiler(?) not available for my dist) - Perl (interpreted) - PHP (interpreted) - Python (interpreted)

    点赞 评论 复制链接分享
  • weixin_39839478 weixin_39839478 4月前

    Yes, but is it actually in effect in worker.py?

    点赞 评论 复制链接分享
  • weixin_39634022 weixin_39634022 4月前

    Not by the looks of it.

    点赞 评论 复制链接分享

相关推荐