如何限制过程能力?
[英]How to restrict process abilities?
问题描述
I'm writing a kind of a generic contester system for ACM solutions (like TopCoder, Timus and others). 
我正在为ACM解决方案(如TopCoder,Timus等)编写一种通用竞赛系统。 When user sends his solution using web-service, i need to run/compile it. 当用户使用Web服务发送其解决方案时,我需要运行/编译它。 And i want to set restrictions to it in order to run them safe (no access to outer files, no ability to get system time, cannot change working directory etc) There're two kinds of user solutions: 我想对其设置限制以使其安全运行(无法访问外部文件,无法获取系统时间,无法更改工作目录等)有两种用户解决方案:
solutions, that can be compiled (aka c/c++/pascal), also jit-ed and bytecode solution (c#, java)
可以编译的解决方案(又名c / c ++ / pascal),还有jit-ed和字节码解决方案(c#,java) interpreted solutions (lisp/ruby/python/php)
解释的解决方案(lisp / ruby / python / php)
Contester system is written in C# for .NET 3.5. 竞赛系统是用.NET 3.5的C#语言编写的。 Contester can run in Linux on Mono and in Windows on .NET. 竞赛者可以在Mono上的Linux和.NET上的Windows中运行。
What's the best way to do it? 最好的方法是什么? If there's ability to restrict compiled solutions (using PermissionAttributes), but i have no idea how to restrict interpreted solutions. 如果有能力限制编译的解决方案(使用PermissionAttributes),但我不知道如何限制解释的解决方案。
1 个解决方案
解决方案1
0 已采纳 2011-06-26 09:16:48
Easiest (seeing you probably need full trust) is to run under a very limited user account. 最简单(看到您可能需要完全信任)是在一个非常有限的用户帐户下运行。 IIRC the guest account cannot be used for this. IIRC来宾帐户不能用于此目的。
Edit: 编辑:
A clean VM might ideal. 干净的VM可能是理想的选择。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.