A very common problem in process management is to manage the behavior of a process whose source code and behavior you cannot control, e.g., a student-submitted program for a programming class. A systematic problem in grading student programs is that their program can do anything at all that the user who is running the program can do.
One solution to this problem is to create a "sandbox" for the process to be graded, that keeps the process from doing things it should not be able to do. Sandboxing is so important that whole operating systems (most recently, Google Chrome OS -- a version of linux not to be confused with the Chrome browser) have been written to provide the service.
In this assignment, you will write a program that executes another program (e.g., a program to be tested) in a controlled environment. When executing in this environment, the program should only do things that are explicitly allowed according to a predetermined policy, and should be killed (and a note made on stderr) if the program does anything not allowed by the policy.
Just to make this interesting, I am going to give you some behaviors to stop and to identify. I will provide several misbehaving programs and you have to keep them from misbehaving. Each program will try to take over the resources of the whole machine and keep everyone from working. To be fair about this, I am going to craft them so that a simple control-C will stop them; in the worst case I could craft them so that this won't work!
Your objective is to write a program, watch, that, when invoked, runs another given program and attempts to control the behavior of the child process. The program to run should be specified in watch's first argument. For example, typing

watch ./a.out

should invoke your program watch, which in turn invokes and watches the execution of the child process ./a.out. watch should react to several conditions in the child process with preventative actions, and report each prevented behavior and action to stderr. When the child process has terminated, the watch program should exit.
Part of the problem is to distinguish which behaviors can be controlled through the operating system itself, which ones can be controlled through monitoring, and which can only be controlled partially due to extenuating circumstances. Some of the above conditions are easy to assure, and some are impossible to completely control. Some can be "controlled" but one cannot be sure exactly which condition was violated. It is part of your task to determine which parts of these requirements are possible to accomplish, and which ones are not!
One could use the gdb interface and single-step the child program, but this is very difficult and not recommended.
See man waitid for details.
Note that if you install a signal handler in the child before calling exec, that handler would get overwritten!
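The fork / setrlimit / exec / waitid skeleton these hints point at, as an added example rather than code from the assignment or a complete solution: the child tightens its own resource limits before exec (limits, unlike signal handlers, survive exec), and the parent uses waitid to learn whether the child exited or was killed and reports that on stderr. The function name run_watched and the limit values are my own choices; it covers the stack, heap and fork/thread cases and leaves out file opening, since an RLIMIT_NOFILE of zero would also stop the dynamic loader from opening the child's shared libraries.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Tighten a limit (soft and hard) to `value`, never loosen it: an unprivileged
 * process cannot raise its hard limit, and a stricter inherited limit should stay. */
static int set_limit(int resource, rlim_t value) {
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0) return -1;
    if (value < rl.rlim_cur) rl.rlim_cur = value;
    if (value < rl.rlim_max) rl.rlim_max = value;
    return setrlimit(resource, &rl);
}

/* Fork, confine the child with setrlimit, exec argv[0], then wait with waitid.
 * Returns the child's exit status, 128 + signal number if a signal killed it, or
 * -1 if watch itself failed. On Linux RLIMIT_NPROC counts the real user's threads
 * as well as processes (so it also curbs thread creation) and is ignored for root. */
int run_watched(char *const argv[], rlim_t stack_bytes, rlim_t as_bytes, rlim_t nproc) {
    pid_t pid = fork();
    if (pid < 0) { perror("watch: fork"); return -1; }
    if (pid == 0) {
        if (set_limit(RLIMIT_STACK, stack_bytes) != 0 ||   /* Case 1: stack size */
            set_limit(RLIMIT_AS, as_bytes) != 0 ||         /* Case 2: heap, via total address space */
            set_limit(RLIMIT_NPROC, nproc) != 0) {         /* Cases 3 and 4: fork/threads */
            perror("watch: setrlimit");
            _exit(127);
        }
        execvp(argv[0], argv);   /* limits survive exec; signal handlers installed here would not */
        perror("watch: exec");
        _exit(127);
    }
    siginfo_t info;
    memset(&info, 0, sizeof info);
    if (waitid(P_PID, pid, &info, WEXITED) != 0) { perror("watch: waitid"); return -1; }
    if (info.si_code == CLD_EXITED) return info.si_status;
    /* CLD_KILLED or CLD_DUMPED, e.g. SIGSEGV once the stack limit is exceeded. */
    fprintf(stderr, "watch: child %ld killed by signal %d (%s)\n",
            (long)pid, info.si_status, strsignal(info.si_status));
    return 128 + info.si_status;
}

int main(int argc, char **argv) {   /* usage: ./watch program [args...] */
    if (argc < 2) { fprintf(stderr, "usage: %s program [args...]\n", argv[0]); return 2; }
    return run_watched(argv + 1, 8u << 20, 256u << 20, 64);   /* assumed limits: 8 MiB stack, 256 MiB AS, 64 procs */
}
```

Which violated limit caused a SIGSEGV or a failed fork is not reported by the kernel, which is the "cannot be sure exactly which condition was violated" point made above.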
For this assignment, since we are going to be doing something "dangerous", we will work on our own machines, such as comp111-06.cs.tufts.edu. These machines are inside the firewall and cannot be accessed directly. To work there, ssh to linux.cs.tufts.edu first, then to one of the comp111 machines (e.g., comp111-06). It is rather important that you do not test this program on linux.eecs.tufts.edu, especially since you will be running (and trying to control) intentionally antisocial programs!
If you manage to crash one of the servers, please don't try to run your program on the other one until you're sure that you've fixed it. I say this because in the past, students have managed to crash all servers from a single cause. This is why there are six of them!
The whole program should be in a single C program file. Programs in other languages are unacceptable.
The beginning of the file should describe how to compile the file, in comments. A typical compilation command might be:

gcc -g -o watch watch.c -lpthread -lrt

This allows use of the POSIX threads library (-lpthread) and the real-time high-resolution clock library (-lrt).
To submit this program, first ssh to the server, then type:

provide comp111 a3 watch.c

where watch.c is a file containing your program. If you use shadow libraries, please instead type:

provide comp111 a3 watch.c shadow.c

where shadow.c is the code for your shadow program. You may add shadow.so, etc., if you wish.
Your submission will be graded offline. To see grading status or comments, type:
| Your shadow code (if any) is contained in shadow.c. |
| The method for compiling watch.c is documented in a comment at the top of the program. |
| The method for compiling shadow.c is documented in a comment at the top of the program. |
| Your program, when compiled into the file "watch", takes one argument that is the name of a compiled child program. Typing |
| At the top of your |
| Case 1: limit size of stack. |
| Case 2: limit size of heap. |
| Case 3: prohibit forking. |
| Case 4: prohibit thread creation. |
| Case 5: prohibit opening files. |
| (extra credit) Case 6: limit size of global variables. |