Question
I'm looking for advice/resources to write a program that can intercept system calls from a program to supervise its filesystem, network, etc. access.
The aim of this is to write an online judge, so that untrusted code can be run safely on a server.
This is on Linux, and I would prefer to write C++ or a scripting language (Ruby, Python, etc.), and a library would be great!
Thanks.
Answer 1:
This looks like a good place to start. http://www.linuxjournal.com/article/6100
Answer 2:
You can't safely use ptrace() to sandbox a hostile application.
The application can always use multiple threads with deliberate race conditions to alter syscall arguments passed via pointers (e.g. a filename) after you've inspected them but before the kernel looks at them.
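The check-then-use gap described in Answer 2, as an added example that is not part of the original answers: a single-process C model with no real ptrace or kernel involved, set beside a single-fetch variant. The policy, the paths and every function name are constructed for illustration, and `other_thread` stands in for the second thread of the supervised program.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BUF 64

/* Constructed policy: the judged program may only open files under /tmp/judge/. */
static bool policy_allows(const char *path) {
    return strncmp(path, "/tmp/judge/", 11) == 0 && strstr(path, "..") == NULL;
}

/* Stands in for a second thread of the supervised program that gets to run
 * between the supervisor's inspection and the kernel's own read. */
static void other_thread(char *user_buf) {
    snprintf(user_buf, BUF, "%s", "/outside/secret");
}

/* ptrace-style model: the supervisor reads the string the pointer refers to,
 * approves it, and the kernel then reads the same user memory again. */
static bool check_then_refetch(char *user_buf, char *used) {
    char seen[BUF];
    snprintf(seen, sizeof seen, "%s", user_buf);   /* fetch 1: supervisor */
    if (!policy_allows(seen))
        return false;
    other_thread(user_buf);                        /* race window */
    snprintf(used, BUF, "%s", user_buf);           /* fetch 2: kernel */
    return true;
}

/* Single-fetch model: the argument is copied once, and both the policy
 * decision and the operation use that private copy. */
static bool copy_once_then_check(char *user_buf, char *used) {
    char copy[BUF];
    snprintf(copy, sizeof copy, "%s", user_buf);   /* the only fetch */
    other_thread(user_buf);                        /* changes nothing now */
    if (!policy_allows(copy))
        return false;
    snprintf(used, BUF, "%s", copy);
    return true;
}

int main(void) {
    char a[BUF] = "/tmp/judge/input.txt", b[BUF] = "/tmp/judge/input.txt";
    char used_a[BUF] = "", used_b[BUF] = "";
    bool ok_a = check_then_refetch(a, used_a);
    bool ok_b = copy_once_then_check(b, used_b);
    printf("refetch:   allowed=%d opened=%s\n", ok_a, used_a);
    printf("copy-once: allowed=%d opened=%s\n", ok_b, used_b);
    return 0;
}
```

A ptrace-based supervisor is confined to the first shape for pointer arguments, because the kernel performs its own fetch from the traced program's memory after the supervisor has looked.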
Source: https://stackoverflow.com/questions/3642370/using-ptrace-to-write-a-program-supervisor-in-userspace