"Chris" <ho******@cs.umass.edu> wrote in message
news:11**********************@g44g2000cwa.googlegroups.com...
Could someone point me to an example or at least outline of a solution
to the following problem:
I want to be able to compile the body of a method written in C++,
submitted by a possibly malicious CS student, and if it compiles
correctly execute it within a sandbox with limited privileges (e.g. no
I/O, or I/O only to certain directories).
Well, the expedient, less straightforward thing to do is to get yourself a
virtual machine. Microsoft's is here:
http://www.microsoft.com/windows/virtualpc/default.mspx
and VMWare's is here:
http://www.vmware.com/
Either will let you virtualize an _entire_ machine, virtual disks and all.
(I think that there are inexpensive academic versions of these products but
I am not sure).
Then run the student's compiled and linked assignment under the VM. The
worst he can do is trash a disk. But with either virtual machine you should
be able to copy the virtual disk - which is just a big file or files -
immediately after you install an operating system to some safe location. In
a pinch just copy the files back and the damage is undone.
The straightforward approach would involve creating an account with minimal
privileges for running students' assignments. Next you could deny access to
all folders on all drives except those you select. This is a security topic
and not a development one. Check this link
http://www.le.ac.uk/cc/dsss/docs/acls1.shtml
to get started. Then try posting again in a security focused group.
Once your directories are secure you could use the RunAs command to run the
students' assignments using the credentials of the low rights account you
created:
http://www.microsoft.com/resources/d...-us/runas.mspx
or you could adopt a policy such that you never run those assignments except
when logged in to the low rights account.
Regards,
Will
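The "straightforward approach" Will describes (a low-rights account, ACLs that confine it to a chosen folder, then running the submission under that account) can be scripted on a current Windows host. The script below is an added example for this thread, not code from Will or from the original poster. It assumes an elevated PowerShell session on Windows 10 or later (for the `*-LocalUser` cmdlets), and the account name `StudentSandbox`, the sandbox folder `C:\sandbox`, the grading folder `C:\grading` and the submission path are placeholders chosen for the example; it also assumes the student's code has already been compiled and linked to that `.exe`.

```powershell
# Added example: confine a student's compiled program to a low-rights account
# and a single writable folder, then run it with a time limit.
# Placeholders: account name, folder names and the submission path are assumptions.
$SandboxUser = 'StudentSandbox'
$SandboxRoot = 'C:\sandbox'
$GradingRoot = 'C:\grading'                    # where sources and grader data live
$Submission  = Join-Path $GradingRoot 'submission.exe'

# 1. Create the low-rights local account. Ask for the password rather than
#    hard-coding it; it is needed again later to build the PSCredential.
$Password = Read-Host -AsSecureString "Password for $SandboxUser"
if (-not (Get-LocalUser -Name $SandboxUser -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $SandboxUser -Password $Password `
        -PasswordNeverExpires -AccountNeverExpires | Out-Null
}
# Membership in Users is what grants read/execute on %SystemRoot%, which any
# program needs in order to load system DLLs; nothing more is granted.
Add-LocalGroupMember -Group 'Users' -Member $SandboxUser -ErrorAction SilentlyContinue

# 2. Create the sandbox folder and make it the only place the account can write.
#    Drop inherited ACEs, then grant exactly the principals that need access.
New-Item -ItemType Directory -Path $SandboxRoot -Force | Out-Null
icacls $SandboxRoot /inheritance:r | Out-Null
icacls $SandboxRoot /grant 'SYSTEM:(OI)(CI)F' 'Administrators:(OI)(CI)F' | Out-Null
icacls $SandboxRoot /grant "${SandboxUser}:(OI)(CI)M" | Out-Null   # Modify, no ownership

# 3. Explicitly deny the account any access to the grading folder (sources,
#    other students' work, answer keys). Deny ACEs win over allows.
icacls $GradingRoot /deny "${SandboxUser}:(OI)(CI)F" | Out-Null

# 4. Copy the binary into the sandbox (the account cannot read $GradingRoot now)
#    and run it as the sandbox user with the sandbox as its working directory.
$Target = Join-Path $SandboxRoot 'submission.exe'
Copy-Item -Path $Submission -Destination $Target -Force
$Cred = New-Object System.Management.Automation.PSCredential($SandboxUser, $Password)
$proc = Start-Process -FilePath $Target -WorkingDirectory $SandboxRoot `
    -Credential $Cred -PassThru `
    -RedirectStandardOutput (Join-Path $SandboxRoot 'stdout.txt') `
    -RedirectStandardError  (Join-Path $SandboxRoot 'stderr.txt')

# 5. Enforce a wall-clock limit so an infinite loop cannot hang the grader.
$TimeoutMs = 10000
if (-not $proc.WaitForExit($TimeoutMs)) {
    $proc.Kill()
    Write-Warning "Submission exceeded $($TimeoutMs / 1000)s and was killed."
} else {
    Write-Host "Submission exited with code $($proc.ExitCode)"
}
Get-Content (Join-Path $SandboxRoot 'stdout.txt')
```

Two caveats worth knowing before relying on this. First, the deny ACE only covers the folders you list; everywhere else the account has ordinary standard-user rights, which already block writes to `Program Files`, `%SystemRoot%` and other users' profiles, but do allow reading world-readable files, so anything sensitive should live under an explicitly denied folder. Second, `Kill()` stops only the process that was started, not any children it spawned, and nothing here limits memory or network access; for those a Windows job object (or the VM approach Will mentions first) is the tool, and the two approaches combine well.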