堆栈内存溢出
  简体   繁体   English

如何安全地执行C代码

[英]how to execute c code securely

 原文  2012-07-16 10:32:21       c/ compiler-construction

问题描述

In this scenario the user will submit his/her C code to my server through a browser. 在这种情况下,用户将通过浏览器将其C代码提交到我的服务器。 The code will then be compiled and executed on my server and the output will be sent to the user. 然后将在我的服务器上编译并执行代码,并将输出发送给用户。

Since the user can submit any code (including Viruses, or other malfunctioning code). 由于用户可以提交任何代码(包括病毒或其他故障代码)。 I will have to take care of that. 我将不得不照顾。

So my question is, how can I secure my server from such code? 所以我的问题是,如何从此类代码保护服务器?

4 个解决方案

解决方案1
 4  2012-07-16 10:38:11

I cannot answer you for windows -- I can tell you for linux. 对于Windows,我无法回答您-对于Linux,我可以告诉您。

This is an extremly complex problem. 这是一个极其复杂的问题。 You need to think to: 您需要考虑:

  • quota limit 配额限制
  • process that compiles/executes the code to be runned as an unprivileged user. 编译/执行要以非特权用户身份运行的代码的过程。
  • do not allow the process to run more than N seconds 不允许进程运行超过N秒
  • do not allow process to allocate too much memory 不允许进程分配过多的内存

I can say that this is a long-term project that you can not finish correctly in a few weeks. 我可以说这是一个长期的项目,您将在几周内无法正确完成。

解决方案2
 2  2012-07-16 10:36:00

Your question is perhaps equivalent to the halting problem , and probably has no bullet proof answer (think of asm in malicious C code, forged function pointers, computed goto, buffer overflow trashing the return address, dlsym & dlopen , etc.). 您的问题可能等同于停止问题 ,并且可能没有防弹的答案(例如恶意C代码中的asm ,伪造的函数指针,计算出的goto,缓冲区溢出破坏了返回地址, dlsymdlopen等)。

As mentioned by Shawn in his comment (referring to this question ), you could use sand-boxing techniques. 正如肖恩(Shawn)在其评论中提到的那样(您可以参考此问题 ),您可以使用沙盒技术。 Alinsoar's answer shows you the complexity of the issue. Alinsoar的答案向您显示了问题的复杂性。

解决方案3
 1  2012-07-16 20:38:00

Other problem to think to : what rights to allow the guest process: is he allowed to open a socket ? 要考虑的另一个问题:允许来宾进程具有什么权限:是否允许他打开套接字? If so , what traffic do you allow him ? 如果是这样,您允许他去哪儿?

In the case you open a socket, then the problem becomes even more complex, because he can deliver an attack over that socket... 如果您打开一个套接字,那么问题将变得更加复杂,因为他可以对该套接字发起攻击。

解决方案4
 0  2012-07-16 22:17:41

您可能会考虑使用ideone API ,某些移动设备软件会这样做( 例如CodeToGo

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何从C中安全地读取数据包中的数据? - How to securely read data from a packet in C? 如何在 VS Code 中执行 C 程序 - How to execute a C program in VS Code 如何获取c代码来执行十六进制机器码? - How to get c code to execute hex machine code? 如何安全地将数据从C传输到Perl? - How do I securely get data transferred from C to Perl? 如何在系统上安全地保存加密密钥(openssl,c)? - How can i save a encryption key securely on a system (openssl,c)? 如何在.NET应用程序中执行C代码? - How can I execute C code inside a .NET application? Ubuntu C 代码如何在另一个文件夹中执行命令 - Ubuntu C code how to execute command in another folder 如何在c中另一个函数之前和之后执行通用代码? - How to execute common code before and after another function in c? 如何使用C中的预处理器执行/跳过某些代码行? - How to execute/skip certain lines of code using preprocessor in C? 如何编写vb.net代码来编译和执行C程序? - How to write a vb.net code to compile and execute C programs?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM