Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #54564
| Path | csiph.com!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!rt.uk.eu.org!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <nedbat@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.016 |
| X-Spam-Evidence | '*H*': 0.97; '*S*': 0.00; 'subject:Python': 0.06; '21,': 0.07; 'suppose': 0.07; '#include': 0.09; 'finished.': 0.09; 'skip:/ 10': 0.09; 'url:github': 0.09; 'cc:addr:python-list': 0.11; 'python': 0.11; 'wrote': 0.14; '/**': 0.16; 'btw:': 0.16; 'code?': 0.16; 'edward': 0.16; 'edx,': 0.16; 'limit.': 0.16; 'open-source,': 0.16; 'tokenize': 0.16; 'url:faq': 0.16; 'sat,': 0.16; 'student': 0.16; 'sender:addr:gmail.com': 0.17; 'thanks,': 0.17; 'wrote:': 0.18; '(not': 0.18; '(but': 0.19; "hasn't": 0.19; 'seems': 0.21; '>>>': 0.22; 'separate': 0.22; 'tests': 0.22; 'cc:addr:python.org': 0.22; 'header:User-Agent:1': 0.23; 'questions:': 0.24; 'sends': 0.24; '(or': 0.24; 'cc:2**0': 0.24; 'script': 0.25; 'post': 0.26; 'header:In-Reply-To:1': 0.27; 'am,': 0.29; "doesn't": 0.30; 'url:mailman': 0.30; 'code': 0.31; 'comments': 0.31; 'lines': 0.31; 'that.': 0.31; 'too.': 0.31; '>>>>': 0.31; 'challenges.': 0.31; 'disable': 0.31; 'restricted': 0.31; 'sep': 0.31; 'subject:programs': 0.31; 'writes:': 0.31; 'run': 0.32; 'url:python': 0.33; 'fri,': 0.33; '"the': 0.34; 'could': 0.34; 'beyond': 0.35; 'requirement': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'add': 0.35; 'there': 0.35; 'like,': 0.36; 'done': 0.36; 'url:listinfo': 0.36; 'similar': 0.36; 'url:org': 0.36; 'should': 0.36; 'seconds': 0.37; 'unit': 0.37; 'easily': 0.37; 'problems': 0.38; 'process,': 0.38; 'security,': 0.38; 'writes': 0.38; 'pm,': 0.38; 'resource': 0.38; 'anything': 0.39; 'itself': 0.39; 'use.': 0.39; 'sure': 0.39; 'url:mail': 0.40; 'how': 0.40; 'skip:u 10': 0.60; 'access,': 0.60; 'subject:online': 0.61; 'profile': 0.61; 'john': 0.61; 'simple': 0.61; "you're": 0.61; 'account': 0.65; 'to:addr:gmail.com': 0.65; 'series': 0.66; 'here': 0.66; '20,': 0.68; 'judge': 0.68; 'limit': 0.70; 'programs,': 0.74; 'batchelder': 0.84; 'directories:': 0.84; 'email addr:panix.com': 0.84; 'malicious': 0.84; 'skip:/ 30': 0.84; 'bears': 0.91; 'profile.': 0.91; 'url:latest': 0.91; '2013': 0.98 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=yTaz+q3INE540pCKBrfXLgQ42hefsNVINQyIMTBwJoI=; b=Aym8RlbFW/Zpm8ctTKox5oQo8+5SMaakwkK0T3NKwHkqJYq1SFWSnO8rOXQmcHlAp9 7b98bsLsSBy3YH2SkraBqqeRMOwjkIMHB/J3rixAEVEqQV+poj72FhjJEw9pQZFQU1nR CplOAGMc8J8i6uhJbzpkw7hhclgEcj9HjYsN4FRQxlRQY3U0w/ssN/pbFQ8Mrimx2a5v vPFmKEsrrf1kiI80e0ACWpIZv9UWnFo/pjTQZCPCdhupmNM3qJm9oTyxQdv5nYe9FM++ d9KRc0Fgi0N+CFECA/OdfSzZ2Dj17qSMpxN69IKmTvTvdjWuXiIufPXitFm/X4spOtNM GNwQ== |
| X-Received | by 10.236.181.194 with SMTP id l42mr13890205yhm.26.1379795349983; Sat, 21 Sep 2013 13:29:09 -0700 (PDT) |
| Sender | Ned Batchelder <nedbat@gmail.com> |
| Date | Sat, 21 Sep 2013 16:29:08 -0400 |
| From | Ned Batchelder <ned@nedbatchelder.com> |
| User-Agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 |
| MIME-Version | 1.0 |
| To | Jabba Laci <jabba.laci@gmail.com> |
| Subject | Re: building an online judge to evaluate Python programs |
| References | <mailman.195.1379698177.18130.python-list@python.org> <l1i9vm$6l0$1@reader1.panix.com> <CAOuJsMnx8MGTJ=f7D=cj09mGiQq8j_DzXq4vEzHwX34pdx630Q@mail.gmail.com> <523CD032.6000205@nedbatchelder.com> <CAOuJsMmmua252QNL9AoJ7RaOm8i9-x_W+gYMhckjsFxzfwZP3A@mail.gmail.com> |
| In-Reply-To | <CAOuJsMmmua252QNL9AoJ7RaOm8i9-x_W+gYMhckjsFxzfwZP3A@mail.gmail.com> |
| Content-Type | text/plain; charset=ISO-8859-1; format=flowed |
| Content-Transfer-Encoding | 7bit |
| Cc | Python mailing list <python-list@python.org> |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.233.1379795791.18130.python-list@python.org> (permalink) |
| Lines | 80 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1379795791 news.xs4all.nl 15926 [2001:888:2000:d::a6]:53510 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:54564 |
Show key headers only | View raw
On 9/21/13 3:57 PM, Jabba Laci wrote:
> Hi Ned,
>
> Could you please post here your AppArmor profile for restricted Python scripts?
Laszlo, the instructions are in the README, including the AppArmor
profile. It isn't much:
#include <tunables/global>
<SANDENV>/bin/python {
#include <abstractions/base>
#include <abstractions/python>
<SANDENV>/** mr,
# If you have code that the sandbox must be able to access, add lines
# pointing to those directories:
/the/path/to/your/sandbox-packages/** r,
/tmp/codejail-*/ rix,
/tmp/codejail-*/** rix,
}
Note that there are other protections beyond AppArmor, setrlimits is also used to limit some resource use.
--Ned.
BTW: Top-posting makes it harder to follow threads of conversations, better form is to add your comments below the person you're replying to.
> Thanks,
>
> Laszlo
>
> On Sat, Sep 21, 2013 at 12:46 AM, Ned Batchelder <ned@nedbatchelder.com> wrote:
>> On 9/20/13 6:26 PM, Jabba Laci wrote:
>>> I just found Docker ( http://docs.docker.io/en/latest/faq/ ). It seems
>>> sandboxing could be done with this easily.
>>
>> At edX, I wrote CodeJail (https://github.com/edx/codejail) to use AppArmor
>> to run Python securely.
>>
>> For grading Python programs, we use a unit-test like series of challenges.
>> The student writes problems as functions (or classes), and we execute them
>> with unit tests (not literally unittest, but a similar idea). We also
>> tokenize the code to check for simple things like, did you use a while loop
>> when the requirement was to write a recursive function. The grading code is
>> not open-source, unfortunately, because it is part of the MIT courseware.
>>
>> --Ned.
>>
>>> Laszlo
>>>
>>> On Fri, Sep 20, 2013 at 10:08 PM, John Gordon <gordon@panix.com> wrote:
>>>> In <mailman.195.1379698177.18130.python-list@python.org> Jabba Laci
>>>> <jabba.laci@gmail.com> writes:
>>>>
>>>>> There are several questions:
>>>>> * What is someone sends an infinite loop? There should be a time limit.
>>>> You could run the judge as a background process, and kill it after ten
>>>> seconds if it hasn't finished.
>>>>
>>>>> * What is someone sends a malicious code? The script should be run in a
>>>>> sandbox.
>>>> You could run the judge from its own account that doesn't have access to
>>>> anything else. For extra security, make the judge program itself owned
>>>> by
>>>> a separate account (but readable/executable by the judge account.)
>>>>
>>>> I suppose you'd have to disable mail access from the judge account too.
>>>> Not sure how to easily do that.
>>>>
>>>> --
>>>> John Gordon A is for Amy, who fell down the stairs
>>>> gordon@panix.com B is for Basil, assaulted by bears
>>>> -- Edward Gorey, "The Gashlycrumb
>>>> Tinies"
>>>>
>>>> --
>>>> https://mail.python.org/mailman/listinfo/python-list
>>
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
building an online judge to evaluate Python programs Jabba Laci <jabba.laci@gmail.com> - 2013-09-20 19:28 +0200
Re: building an online judge to evaluate Python programs Aseem Bansal <asmbansal2@gmail.com> - 2013-09-20 10:57 -0700
Re: building an online judge to evaluate Python programs Jabba Laci <jabba.laci@gmail.com> - 2013-09-20 20:30 +0200
Re: building an online judge to evaluate Python programs John Gordon <gordon@panix.com> - 2013-09-20 19:34 +0000
Re: building an online judge to evaluate Python programs Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-09-22 12:53 -0400
Re: building an online judge to evaluate Python programs John Gordon <gordon@panix.com> - 2013-09-20 20:08 +0000
Re: building an online judge to evaluate Python programs Jabba Laci <jabba.laci@gmail.com> - 2013-09-21 00:26 +0200
Re: building an online judge to evaluate Python programs Ned Batchelder <ned@nedbatchelder.com> - 2013-09-20 18:46 -0400
Re: building an online judge to evaluate Python programs Ned Batchelder <ned@nedbatchelder.com> - 2013-09-21 16:29 -0400
Re: building an online judge to evaluate Python programs Jabba Laci <jabba.laci@gmail.com> - 2013-09-21 21:57 +0200
csiph-web