带有 libsandbox 和 pysandbox 的受限函数 [英] Restricted Function with libsandbox and pysandbox

问题描述

我正在使用此处列出的 sample2.py https://github.com/openjudge/sandbox 作为调用沙箱库的包装器(又名.libsandbox && pysandbox).

I am using the sample2.py listed here https://github.com/openjudge/sandbox as a wrapper to call the sandbox libraries (aka. libsandbox && pysandbox).

以下是我的 C++ 代码

Following is my C++ Code

#include <stdio.h>
int main(){
   return 0;
}

当我运行 sample2.py 时的结果是

The result when i run the sample2.py is

result: RF
cpu: 2ms
mem: 288kB

谁能告诉我我必须对包装器进行哪些更改才能使其正常工作?

Can anyone tell me what are the changes i have to do to the wrapper to make this work ?

推荐答案

RF 结果代码很可能是由于用于文件操作的意外 系统调用(即 SYS_open(), SYS_close(), SYS_stat(), ...).当(1)目标程序实际执行文件操作时，和(或)当(2)它被动态链接并需要在运行时加载 .so 库时，就会发生这种情况.由于您的目标程序不调用文件操作，因此属于后一种情况.

The RF result code was most likely due to unexpected syscalls for file operations (i.e. SYS_open(), SYS_close(), SYS_stat(), ...). It so happens when (1) the target program actually does file operations, and (or) when (2) it was dynamically linked and needs to load .so libraries in runtime. Since your target program does not invoke file operations, it belongs to the latter case.

然后，要解决 RF 结果，要么，

Then, to resolve the RF outcome, either,

1. 静态链接目标程序以避免对共享库的依赖；或者，
2. 扩展包装脚本中的策略规则以处理相关的SYSCALL/SYSRET 事件；

1. statically link the target program to avoid dependencies on shared libraries; or,
2. extend the policy rules in the wrapper script to handle relevant SYSCALL / SYSRET events;

免责声明:我是 libsandbox 的作者.

DISCLAIMER: I am the author of libsandbox.

这篇关于带有 libsandbox 和 pysandbox 的受限函数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！