From owner-freebsd-hackers@FreeBSD.ORG Wed Oct 8 21:47:37 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66A2216A4B3 for ; Wed, 8 Oct 2003 21:47:37 -0700 (PDT) Received: from mx2.mail.ru (mx2.mail.ru [194.67.23.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8194343F93 for ; Wed, 8 Oct 2003 21:47:36 -0700 (PDT) (envelope-from earthman@inbox.ru) Received: from [213.179.248.1] (port=3536 helo=hp6100) by mx2.mail.ru with esmtp id 1A7Si6-000K0V-00 for freebsd-hackers@freebsd.org; Thu, 09 Oct 2003 08:47:35 +0400 Date: Thu, 9 Oct 2003 07:46:45 +0300 From: earthman X-Mailer: The Bat! (v1.62r) Organization: home!!! X-Priority: 3 (Normal) Message-ID: <1197083983.20031009074645@inbox.ru> To: freebsd-hackers@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam: Not detected Subject: On-line judgment kernel module X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: earthman List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Oct 2003 04:47:37 -0000 I want to create on-line judge for acm like olympiads. So I have to execute some code that came in source from outside(www). Thus security problem is my main problem. The idea is to deny all syscalls for specific process p. This is possible even without rewriting kernel by kernel module. Now I'm thinking how to do this. Possibly it would be easy to point p->sv_sysent to the structure that points sv_prepsyscall to some function that denies some system calls. (kill process, make some record in module about restricted call) But I don't understand how to cancel syscall out of those function. Maybe it's possible to change code parameter to something else. -- Best regards, earthman mailto:earthman@inbox.ru icq: 145680330