OJ (Online Judge) allows users to download an arbitrary piece of code for execution on the server, but it also has a sandbox to prevent malicious code from running. For example, leetcode if I send this code in python:
import subprocess
res = subprocess.check_output(["ls", "/"])
print res
It returns:
Line 36: OSError: [Errno 11] Resource temporarily unavailable
If I want to implement an OJ system in python, is there a way to control the system calls of the subprocess and prohibit certain calls?
I searched around, most posts were mentioned either using ptrace or using a script in a virtual machine. I am wondering if there is a better approach.
Note. Since OJs supports loading programs from different languages (C / python / Java), limiting Python code (for example, execcode in a limited area) does not work.
source
share