Windows
yeputons, 2011-02-13 00:40:06

"Sandbox" in Windows do-it-yourself (bicycle)?

Good evening.
Recently I became interested in how the behavior of participants' programs is controlled at various Olympiads. No, it is clear, of course, that the participants control it themselves (a violation usually means disqualification), but I mean from the software point of view. For example: prohibiting work with the network, file system, processes, etc. I.e., you can only read/output to stdin/stdout, allocate some memory and call standard functions (libc).
In eJudge this issue is resolved by adding if's to all system calls (a patch to the kernel). But this is under Linux.
The question is: how do you write this kind of "sandbox" under Windows? Running as a guest solves a lot of problems, and climbing out is quite difficult. But I want a complete solution. Which way to dig, what to read, are there documented methods? There are ready-made programs, but I want to assemble at least some kind of bicycle with my own hands.

10 answer(s)
p1ayer, 2011-02-13
@p1ayer

Can you use *nix? Or do you need Wine?

eternals, 2011-02-13
@eternals

Run as a specific user?
Plus, all solutions are usually saved, so that later you can tear off someone's hands if something nevertheless crawls through.

gjf, 2011-02-13
@gjf

It’s a little unclear why you would reinvent the wheel if there are ready-made free solutions. Do you want the checkers, or to get there? ;)

amirul, 2011-02-14
@amirul

No drivers needed. Practical Windows Sandboxing in three parts. ACLs are enough to restrict almost everything (including Windows networking: pipes and mailslots; for Berkeley sockets you will have to use the built-in firewall). In fact, they were invented for such access control.
The Chrome sandbox is a project fairly independent from the rest of Chrome, so you can pull it out and use it for personal purposes.

amc, 2011-02-13
@amc

I can’t speak for the Olympiads, but Win has one simple method: call interception.
If possible, run AVZ on a system with an antivirus installed (especially KAV), look at the list of intercepted calls and draw your conclusions.

olololog, 2011-02-13
@olololog

Thinstall.

zed91, 2011-02-13
@zed91

If completely, completely, then a driver, for each subsystem. But grab everything you can.

agul, 2011-02-14
@agul

I know that NSUTS (the Novosibirsk State University system) uses WinKiller. Plus, a separate user with practically zero rights is created there for each user.

powder96, 2011-10-22
@powder96

For some reason, I thought of a perverted version:
Download the ten-megabyte Windows Research Kernel;
Like eJudge, add if's to all system calls;
Compile the kernel and replace the old ntoskrnl/ntkrnlpa with the new one;
???
PROFIT!

Stanislav Agarkov, 2011-10-22
@stas_agarkov

Set up a virtual machine.
