Re: On-line judgment kernel module

2003-10-17 Thread Samy Al Bahra
On Thu, 16 Oct 2003 18:28:15 -0400 David Gilbert [EMAIL PROTECTED] wrote:
> As you conjecture, a syscall-less or syscall-restricted environment *should* be safe ... if your syscall changes are bulletproof *_and_* the rest of the runtime environment is bulletproof.
Good system call policies are a

Re: On-line judgment kernel module

2003-10-17 Thread David Gilbert
Samy == Samy Al Bahra [EMAIL PROTECTED] writes:
Samy> On Thu, 16 Oct 2003 18:28:15 -0400 David Gilbert
Samy> [EMAIL PROTECTED] wrote:
>> As you conjecture, a syscall-less or syscall-restricted environment *should* be safe ... if your syscall changes are bulletproof *_and_* the rest of the runtime

On-line judgment kernel module

2003-10-16 Thread David Gilbert
earthman == earthman [EMAIL PROTECTED] writes:
earthman> I want to create an on-line judge for ACM-like olympiads. So I
earthman> have to execute some code that came in source from
earthman> outside (www). Thus the security problem is my main problem.
earthman> The idea is to deny all syscalls for

Re: On-line judgment kernel module

2003-10-09 Thread Pawel Jakub Dawidek
On Thu, Oct 09, 2003 at 07:46:45AM +0300, earthman wrote:
+> The idea is to deny all syscalls for a specific
+> process p. This is possible even without rewriting
+> the kernel, by a kernel module.
+>
+> Now I'm thinking how to do this.
+> Possibly it would be easy to point p->sv_sysent
+> to the structure that

Re: On-line judgment kernel module

2003-10-09 Thread Samy Al Bahra
On Thu, 9 Oct 2003 07:46:45 +0300 earthman [EMAIL PROTECTED] wrote:
> Now I'm thinking how to do this. Possibly it would be easy to point p->sv_sysent to the structure that points sv_prepsyscall to some function that denies some system calls. (kill process, make some record in module about

Re[2]: On-line judgment kernel module

2003-10-09 Thread earthman
PJD> You may just try CerbNG:
PJD> http://cerber.sourceforge.net
PJD> It was presented on WIP session at BSDCon03, slides are here:
PJD> http://garage.freebsd.pl/CerbNG.pdf
PJD> 1.0-RC3 will be available in the near future.
Before I wanted to create some cerber-based solution but I think

On-line judgment kernel module

2003-10-08 Thread earthman
I want to create an on-line judge for ACM-like olympiads. So I have to execute some code that came in source from outside (www). Thus the security problem is my main problem. The idea is to deny all syscalls for a specific process p. This is possible even without rewriting the kernel, by a kernel module. Now

Re: On-line judgment kernel module

2003-10-08 Thread Maxim Konovalov
On Thu, 9 Oct 2003, 07:46+0300, earthman wrote:
> I want to create an on-line judge for ACM-like olympiads. So I have to execute some code that came in source from outside (www). Thus the security problem is my main problem. The idea is to deny all syscalls for a specific process p. This is possible