Automatic compiling and running third party code

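I'm currently writing an automatic source code validation tool. Basically, students have to upload their C# source code as solutions to different tasks. The server compiles these files within a framework and checks the program against different input files. If the program's output is valid (equal to the predefined output), the program is valid and the student gets points for the program.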

But I don't think I can trust the students ;) They might try to gain file access or execute other bad things on the server.

What can I do to restrict access to a minimum?
What do I need to consider?

Things to consider:

  • file access
  • max. execution time
  • starting other programs
  • doing networking stuff
  • reflection

At the moment, the only way I can imagine to check the code is to use regular expressions to look for keywords such as "File", "Net", "Process".

But I'm pretty sure that this is VERY insecure.
Any suggestions?

Answers

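If it is only about security, you should compile and run the program in a sandbox. Use a virtual machine if you can. Scanning the source code for security exploits sounds like quite a task (and frankly, if a student can pull off an exploit while still producing correct code, you should consider bonus points :P).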

If you are willing to use the Roslyn CTP, take a look at Compilification. You won't need the scaling infrastructure; the key part is creating the sandbox.

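One other thing you could do is run the compiled program as a new System.Diagnostics.Process under a user with very limited permissions. This won't protect against infinite loops, but you should probably check for that manually and stop the program yourself, because even a novice programmer can submit an accidental infinite loop.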

Compilation of the students' source should not pose any security risks by itself; however, executing the students' code requires a sandbox, as the code is untrusted. AppDomains can be used for this purpose and can be assigned specific permissions (such as Execution or FileIO). See this article on MSDN. You may want to add some facility to execute the target code on another thread so that you can abort it if it times out.

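If you are concerned that a student's code will crash the program (for example, endless recursive calls causing a StackOverflowException), then you will have to do all of the above in a separate host process that communicates with your main application.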

Update

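Actually, compilation could pose a problem, since arbitrary code may be executed through the tasks in the project file. I think running the compiler (csc.exe) would pose a problem, but you would have to build the command line.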
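
The separate-process approach suggested in the answers above, as an added example that is not code from the original posts: the compiled submission runs as a child process with redirected stdin/stdout, is killed when it exceeds a time limit, and only then has its output compared. `SubmissionRunner`, `RunAndCheck` and `submission.exe` are hypothetical names, and the grader is assumed to already run under a low-privilege account.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Threading.Tasks;

static class SubmissionRunner
{
    // True only if the child exits with code 0 inside the time limit and its stdout
    // equals the expected output. exePath is the already-compiled submission.
    public static bool RunAndCheck(string exePath, string input, string expected, int timeoutMs)
    {
        var psi = new ProcessStartInfo(exePath)
        {
            UseShellExecute = false,        // start the binary directly, no shell
            RedirectStandardInput = true,
            RedirectStandardOutput = true,
            CreateNoWindow = true
            // Assumption: this grader runs under a low-privilege account whose only
            // writable location is a scratch directory; the child inherits that identity.
        };
        using (var proc = Process.Start(psi))
        {
            // Read stdout asynchronously so the child cannot stall on a full pipe.
            Task<string> stdout = proc.StandardOutput.ReadToEndAsync();
            try
            {
                proc.StandardInput.Write(input);
                proc.StandardInput.Close();
            }
            catch (IOException) { /* child exited before reading its input */ }

            if (!proc.WaitForExit(timeoutMs))
            {
                // Infinite loop or hang: terminate the child and fail the run.
                try { proc.Kill(); } catch (InvalidOperationException) { /* already gone */ }
                proc.WaitForExit();
                return false;
            }
            // A crash such as StackOverflowException takes down only the child and
            // surfaces here as a non-zero exit code.
            if (proc.ExitCode != 0 || !stdout.Wait(1000)) return false;
            return Normalize(stdout.Result) == Normalize(expected);
        }
    }

    static string Normalize(string s) => s.Replace("\r\n", "\n").TrimEnd();

    static void Main()
    {
        // Constructed sample: a task whose input "2 3" should produce the output "5".
        Console.WriteLine(RunAndCheck("submission.exe", "2 3\n", "5", 2000) ? "PASS" : "FAIL");
    }
}
```

The timeout and exit-code checks only contain hangs and crashes; file and network access still depend on the account and sandbox the process runs in.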
