Re: building an online judge to evaluate Python programs

On 09/23/2013 06:20 AM, Ned Batchelder wrote: If you want to run untrusted Python code and prevent malice (or stupidity) from harming you, you need OS-level protection. --Ned. That reminds me of the quote from Albert Einstein, (paraphrased): "There are only two things that are infinite,

Re: building an online judge to evaluate Python programs

> > > If you want to run untrusted Python code and prevent malice (or stupidity) > from harming you, you need OS-level protection. > > Agreed. Just for fun here's a simple example of what could be an honest mistake that consumes all physical memory and swap. A well behaved kernel will kill the proc

Re: building an online judge to evaluate Python programs

On 9/23/13 8:33 AM, Fábio Santos wrote: On 20 Sep 2013 21:14, "Jabba Laci" > wrote: > > > That last seems to me to be the biggie. Several times in the past few > > years, people in this mailing list have tried to build a safe sandbox. > > And each one was a big fa

Re: building an online judge to evaluate Python programs

On 20 Sep 2013 21:14, "Jabba Laci" wrote: > > > That last seems to me to be the biggie. Several times in the past few > > years, people in this mailing list have tried to build a safe sandbox. > > And each one was a big failure, for a hacker of sufficient interest. > > Some of them were spectacul

Re: building an online judge to evaluate Python programs

Hi Ned, Could you please post here your AppArmor profile for restricted Python scripts? Thanks, Laszlo On Sat, Sep 21, 2013 at 12:46 AM, Ned Batchelder wrote: > On 9/20/13 6:26 PM, Jabba Laci wrote: >> >> I just found Docker ( http://docs.docker.io/en/latest/faq/ ). It seems >> sandboxing coul

Re: building an online judge to evaluate Python programs

On 9/21/13 3:57 PM, Jabba Laci wrote: Hi Ned, Could you please post here your AppArmor profile for restricted Python scripts? Laszlo, the instructions are in the README, including the AppArmor profile. It isn't much: #include /bin/python { #include #include /** mr, # If

Re: building an online judge to evaluate Python programs

On Fri, Sep 20, 2013 at 11:28 AM, Jabba Laci wrote: > Hi, > > In our school I have an introductory Python course. I have collected a > large list of exercises for the students and I would like them to be > able to test their solutions with an online judge ( > http://en.wikipedia.org/wiki/Online_j

Re: building an online judge to evaluate Python programs

On 20/9/2013 13:28, Jabba Laci wrote: > Hi, > > In our school I have an introductory Python course. I have collected a > large list of exercises for the students and I would like them to be > able to test their solutions with an online judge ( > http://en.wikipedia.org/wiki/Online_judge ). At the

Re: building an online judge to evaluate Python programs

On 9/20/13 6:26 PM, Jabba Laci wrote: I just found Docker ( http://docs.docker.io/en/latest/faq/ ). It seems sandboxing could be done with this easily. At edX, I wrote CodeJail (https://github.com/edx/codejail) to use AppArmor to run Python securely. For grading Python programs, we use a uni

Re: building an online judge to evaluate Python programs

I just found Docker ( http://docs.docker.io/en/latest/faq/ ). It seems sandboxing could be done with this easily. Laszlo On Fri, Sep 20, 2013 at 10:08 PM, John Gordon wrote: > In Jabba Laci > writes: > >> There are several questions: >> * What is someone sends an infinite loop? There should b

Re: building an online judge to evaluate Python programs

On 9/20/2013 4:04 PM, Jabba Laci wrote: That last seems to me to be the biggie. Several times in the past few years, people in this mailing list have tried to build a safe sandbox. And each one was a big failure, for a hacker of sufficient interest. Some of them were spectacular failures. If yo

Re: building an online judge to evaluate Python programs

In Jabba Laci writes: > There are several questions: > * What is someone sends an infinite loop? There should be a time limit. You could run the judge as a background process, and kill it after ten seconds if it hasn't finished. > * What is someone sends a malicious code? The script should be

Re: building an online judge to evaluate Python programs

> That last seems to me to be the biggie. Several times in the past few > years, people in this mailing list have tried to build a safe sandbox. > And each one was a big failure, for a hacker of sufficient interest. > Some of them were spectacular failures. > > If you have to be safe from your use

Re: building an online judge to evaluate Python programs

In Jabba Laci writes: > Let's take this simple exercise: > "Write a function that receives a list and decides whether the list is > sorted or not." > Here the output of the function is either True or False, so I cannot > test it with my current method. Make a master input file and a master o

Re: building an online judge to evaluate Python programs

Let's take this simple exercise: "Write a function that receives a list and decides whether the list is sorted or not." Here the output of the function is either True or False, so I cannot test it with my current method. Laszlo On Fri, Sep 20, 2013 at 7:57 PM, Aseem Bansal wrote: >>However, it

Re: building an online judge to evaluate Python programs

>However, it can only be used with programs that produce an output Just interested, what else are you thinking of checking? -- https://mail.python.org/mailman/listinfo/python-list

building an online judge to evaluate Python programs

Hi, In our school I have an introductory Python course. I have collected a large list of exercises for the students and I would like them to be able to test their solutions with an online judge ( http://en.wikipedia.org/wiki/Online_judge ). At the moment I have a very simple web application that i