xuyue/OnlineJudge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

指定使用nobody用户进行编译,防止#include</etc/shadow>等情况的发生

Browse Source 
部分情况下,include敏感文件可能造成信息泄露。这里设置一下用户权限。
This commit is contained in:
virusdefender
2016-03-05 11:42:17 +08:00
parent 2a1db9fa67
commit cf2fc9df1a
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
judge/client.py
View File

@@ -91,7 +91,8 @@ class JudgeClient(object):
out_file=os.path.join(self._judge_base_path, str(test_case_id) + ".out"), out_file=os.path.join(self._judge_base_path, str(test_case_id) + ".out"),
args=execute_command[1:], args=execute_command[1:],
env=["PATH=" + os.environ["PATH"]], env=["PATH=" + os.environ["PATH"]],
use_sandbox=self._language["use_sandbox"]) use_sandbox=self._language["use_sandbox"],
use_nobody=True)
if run_result["flag"] == 0: if run_result["flag"] == 0:
output_md5, r = self._compare_output(test_case_id) output_md5, r = self._compare_output(test_case_id)
if r: if r:

3
judge/compiler.py
View File

@@ -20,7 +20,8 @@ def compile_(language_item, src_path, exe_path, judge_base_path):
max_memory=2000000000, max_memory=2000000000,
args=compile_args, args=compile_args,
env=["PATH=" + os.environ["PATH"]], env=["PATH=" + os.environ["PATH"]],
use_sandbox=False) use_sandbox=False,
use_nobody=True)
compile_output_handler = open(compiler_output_file) compile_output_handler = open(compiler_output_file)
compile_output = compile_output_handler.read().strip() compile_output = compile_output_handler.read().strip()