mirror of
https://github.com/QingdaoU/Judger.git
synced 2024-12-29 16:31:42 +00:00
add set_uid and set_id, root required
This commit is contained in:
parent
7cd5d5d41a
commit
7bc08802b3
7
runner.c
7
runner.c
@ -167,6 +167,13 @@ int run(struct config *config, struct result *result) {
|
||||
ERROR(DUP2_FAILED);
|
||||
}
|
||||
|
||||
if (setuid(NOBODY_UID) == -1) {
|
||||
ERROR(SET_UID_FAILED);
|
||||
}
|
||||
if (setgid(NOBODY_GID) == -1) {
|
||||
ERROR(SET_GID_FAILED);
|
||||
}
|
||||
|
||||
if (config->use_sandbox) {
|
||||
// load seccomp rules
|
||||
ctx = seccomp_init(SCMP_ACT_KILL);
|
||||
|
5
runner.h
5
runner.h
@ -22,6 +22,8 @@
|
||||
#define DUP2_FAILED 6
|
||||
#define EXCEVE_FAILED 7
|
||||
#define LOAD_SECCOMP_FAILED 8
|
||||
#define SET_UID_FAILED 9
|
||||
#define SET_GID_FAILED 10
|
||||
|
||||
#define CPU_TIME_LIMIT_EXCEEDED 1
|
||||
#define REAL_TIME_LIMIT_EXCEEDED 2
|
||||
@ -31,6 +33,9 @@
|
||||
|
||||
#define ERROR(code) raise(SIGUSR1);return code
|
||||
|
||||
#define NOBODY_UID 65534
|
||||
#define NOBODY_GID 65534
|
||||
|
||||
struct result {
|
||||
int cpu_time;
|
||||
long memory;
|
||||
|
Loading…
Reference in New Issue
Block a user