How to ignore malicious code from the programmer

If i write some dangerous code such as Runtime.getRuntime().exec(“rm -rf /”), and the engine execute it, what will happen?And how to do the security scan

If your question is related to java only, you can use the SecurityManager to prevents insecure operations from any executed code.

If your question is language agnostic, it’s a little more complex. Most of the time when a website (like codingame) execute your code, it’s in a Virtual Machine with a specific user. This specific user can’t create or modify any files. And the read access are under control of course.

This is only a small addition to what Magus said, but if you are interested in finding out more about techniques like executing in a Virtual Machine, I believe the broad term for the approach is Sandboxing.

If you are asking about how Codingame prevent this kind of attack, they run our code with a linux user that have no permissions, this user can only read and execute the file that are in the /tmp dir, that is create for the game execution, and will be deleted after the game. This user is different for each player, it is a kind of jail. So, if you try to run this command, you will not have permission in linux, so, the command will fail, in any kind of language…

1 Like

Definitely looks to me like a firsthand account from someone who tried to break free of the said jail… :cop: