Блог пользователя raidfox

Автор raidfox, история, 3 года назад, По-английски

How does Codeforces deals with malicious code. Does it handle this on code level like blacklisting or at OS level?

  • Проголосовать: нравится
  • +14
  • Проголосовать: не нравится

»
3 года назад, # |
  Проголосовать: нравится +7 Проголосовать: не нравится

I don't know competitive programming platforms that try to isolate the code on the language level. That's quite hard, as there are many languages with numerous features and banning every potentially malicious construct is quite hard. In C/C++, you can even use raw system calls and assembly, which may help to overcome the limitations.

I am unsure what Codeforces does exactly, but here are some good examples for other online judging systems.

  • ejudge runs solutions on a patched Linux kernel, which makes them quite unprivileged and forbids many system calls. Of course, there are also limitations for time and memory limits.
  • DMOJ, as far as I know, tries to filter bad system calls that can be potentially executed by the submission
  • CMS, which is used on IOI, uses isolate. It takes advantage of certain Linux kernel features called namespaces and cgroups. Namespaces is a way to let the program access only the part of the file system, network etc. so that the process cannot access the system outside. Cgroups are used to limit the resource consumption. By the way, the same kernel features are used by Docker.