Improved security in the C/C++ Autograder
Posted on 2024-07-23 by Jonatan Schroeder
Based on the work performed by Khaled Attili, a Computer Security student at York University in Toronto, the security of the C/C++ autograder has been improved. In particular, Khaled identified ways in which students could trick the autograder for some types of questions into providing a passing grade. The autograder has been updated to ensure these attack vectors are no longer possible.
The changes listed above are not expected to affect the vast majority of questions. However, instructors using the libcheck-based unit testing in the autograder are encouraged to review their test cases in some particular scenarios listed below:
- By default, the new autograder closes all open files at the start of each unit test, except for standard input/output/error. If you have tests that rely on files opened in the main function or in unchecked test fixtures and used in the unit tests, you are encouraged to open these files in the unit test itself, or in a checked fixture. This includes other types of file descriptors, like sockets, pipes or directories.
-
By default, the new autograder clears all environment variables at the start of each unit test.
If you have tests that rely on environment variables (e.g.,
$PATH
or$HOME
), you are encouraged to set these variables in the unit test itself, or in a checked fixture. - The new autograder runs the test application as root, while unit tests run as an unprivileged sandbox user. This means that any creation of files or other resources in the main application will create these resources as owned by root, which may limit the availability of these resources in the unit test. If this is your case, please change the permissions or owner of these files before running the unit tests.
Instructors using forked versions of the C/C++ autograder are encouraged to update their repositories to get access to the new changes. Note that these changes only affect tests using libcheck-based unit testing, so code that relies on other testing methods (e.g., output-based comparison) is not affected.