This repository has been archived by the owner on Jan 14, 2018. It is now read-only.

alvelcom/bound


bound

This program demonstrates how to create a basic sandbox for solution checking.

We assume the solution is an executable file (only ./under at this point).

This project is in an early stage of development, so you really should not use it in production.

Here is the sequence of steps performed when you run ./bound:

  • in run_standalone the process forks;
  • then the child process sets up limits for CPU and memory;
  • after that the child process says TRACEME;
  • meanwhile the parent process waits for this in waitpid;
  • the child process performs execv, which changes its image to ./under;
  • ./under is executed;
  • meanwhile the parent waits for a syscall in the child process or for child termination;
  • a syscall taking place in the child is caught by the parent in syscallwall; syscallwall just prints a debug message at this point.
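
The fork, limit, TRACEME, execv and wait sequence listed above, written out in C as an added example (not code from this repository). The name run_limited, the 3-second limit, and the use of raise(SIGSTOP), PTRACE_O_TRACESYSGOOD and PTRACE_O_EXITKILL are assumptions; the loop also shows that a signal such as SIGXCPU stops the traced child and has to be re-injected by the parent before the CPU limit takes effect.

```c
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not bound's code): run argv[0] traced with a CPU limit.
 * Returns the exit code, 128+signal if the child was killed, or -1 on error. */
int run_limited(char *const argv[], unsigned cpu_secs, long *stops)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                            /* child */
        struct rlimit cpu = { cpu_secs, cpu_secs + 1 }; /* soft: SIGXCPU, hard: SIGKILL */
        if (setrlimit(RLIMIT_CPU, &cpu) != 0 ||
            ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0)
            _exit(127);
        raise(SIGSTOP);                        /* let the parent set options first */
        execv(argv[0], argv);
        _exit(127);                            /* execv failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) /* child's SIGSTOP */
        return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL,
           (void *)(long)(PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL));
    *stops = 0;
    for (int sig = 0;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) != 0 ||
            waitpid(pid, &status, 0) < 0)
            return -1;
        if (WIFEXITED(status))
            return WEXITSTATUS(status);
        if (WIFSIGNALED(status))
            return 128 + WTERMSIG(status);
        sig = WSTOPSIG(status);
        if (sig == (SIGTRAP | 0x80))           /* syscall entry or exit stop */
            ++*stops;
        if ((sig & 0x7f) == SIGTRAP)           /* tracing stop: nothing to deliver */
            sig = 0;                           /* other signals are re-injected */
    }
}

int main(void)
{
    char *under[] = { "./under", NULL };       /* payload name from the README */
    long stops;
    return run_limited(under, 3, &stops);      /* 3 s is an assumed limit */
}
```

A syscall filter would inspect the child's registers at each syscall stop; this example only counts the stops.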

Short todo

  • Create syscall hooker
  • Set up memory and cpu limit
  • Port it to x86 Linux (currently only Linux amd64 is supported). Should be easy.
  • Port it to Windows (needs complete rewrite of check.c)
  • Port it to FreeBSD (should not be too hard)
  • Create normal interaction specification
  • Make it customizable
  • Create syscall filter
  • Create test framework
  • Decide about another execution model (not only standalone)
  • Continue this todo...

Developer installation advice

Currently this project runs only on Linux with the amd64 architecture, so you need such a system, at least in a virtual machine.

If you decide to develop on a Debian-family Linux, I can guess which packages you should have on your system:

$ sudo apt-get install make gcc build-essential git

Now you can fetch the git repo:

$ git clone http://github.com/alvelcom/bound.git
$ cd bound

Now you are ready to build:

$ make

If you can see the bound file, the build was successful. Now you need to prepare the payload, or under. You could compile test/t02.c:

$ gcc -o under test/t02.c

t02 is an infinite-loop test; you can check it (use Ctrl-C to break):

$ ./under

Now you can run bound, which should automatically terminate under after about 3 seconds.

$ ./bound

What to read

First you should understand what syscalls are and why we should keep them under control.

About

Limits engine
