Fix untrusted input bug.

giomasce · stefano-maggiolo · commit 71db0832ed47 · 2015-01-03T12:54:56.000Z
During the execution of a task of Batch type, the contestant program
could tamper with the input file (usually input.txt). We check it
out again from the database to be sure.

Committer note: this patch was first written when the contestant could
actually write the input file. At commit time, this is no longer true
(it can only write the output file). Nonetheless, graders might decide
to delete the input, so the patch still makes sense.
diff --git a/cms/grading/tasktypes/Batch.py b/cms/grading/tasktypes/Batch.py
@@ -331,6 +331,21 @@ def evaluate(self, job, file_cacher):
                                 manager_filename,
                                 job.managers[manager_filename].digest,
                                 executable=True)
+                            # Rewrite input file. The untrusted
+                            # contestant program should not be able to
+                            # modify it; however, the grader may
+                            # destroy the input file to prevent the
+                            # contestant's program from directly
+                            # accessing it. Since we cannot create
+                            # files already existing in the sandbox,
+                            # we try removing the file first.
+                            try:
+                                sandbox.remove_file(input_filename)
+                            except OSError as e:
+                                pass
+                            sandbox.create_file_from_storage(
+                                input_filename,
+                                job.input)
                             success, _ = evaluation_step(
                                 sandbox,
                                 [["./%s" % manager_filename,
