指定使用nobody用户进行编译，防止#include</etc/shadow>等情况的发生

部分情况下，include敏感文件可能造成信息泄露。这里设置一下用户权限。
2024-09-21 00:13:18 +00:00 · 2016-03-05 11:42:17 +08:00 · 2016-03-05 11:42:17 +08:00 · cf2fc9df1a
commit cf2fc9df1a
parent 2a1db9fa67
2 changed files with 4 additions and 2 deletions
--- a/judge/client.py
+++ b/judge/client.py
@ -91,7 +91,8 @@ class JudgeClient(object):
                                out_file=os.path.join(self._judge_base_path, str(test_case_id) + ".out"),
                                args=execute_command[1:],
                                env=["PATH=" + os.environ["PATH"]],
-                                use_sandbox=self._language["use_sandbox"])
+                                use_sandbox=self._language["use_sandbox"],
+                                use_nobody=True)
        if run_result["flag"] == 0:
            output_md5, r = self._compare_output(test_case_id)
            if r:
--- a/judge/compiler.py
+++ b/judge/compiler.py
@ -20,7 +20,8 @@ def compile_(language_item, src_path, exe_path, judge_base_path):
                                max_memory=2000000000,
                                args=compile_args,
                                env=["PATH=" + os.environ["PATH"]],
-                                use_sandbox=False)
+                                use_sandbox=False,
+                                use_nobody=True)

    compile_output_handler = open(compiler_output_file)
    compile_output = compile_output_handler.read().strip()