Remove network access from student code

[julesfm]

Hi,
I've written a very small patch that adds the "unshare" command to the chain of sudo, runguard etc that are used to run the students' submitted code.
It removes a large number of namespaces from the executed code, which prevents them snooping on each other and various other things too, read unshare(1) for more information.
This stops our students being able to download a "crib sheet" from a URL in an exam, where they are using CodeRunner within Moodle for computer-aided assessments.

Sorry I'm no good with pull requests, so here's the code (it's a very simple change):
`diff -Naur jobe.orig/app/Config/Jobe.php jobe/app/Config/Jobe.php
--- jobe.orig/app/Config/Jobe.php 2025-02-26 15:59:57.906300892 +0000
+++ jobe/app/Config/Jobe.php 2025-02-27 13:46:27.322378892 +0000
@@ -93,4 +93,21 @@
// JKF Uncommented these to enable them.
public string $javac_extraflags = '-J-XX:ActiveProcessorCount=1';
public string $java_extraflags = '-XX:ActiveProcessorCount=1';
+

• /*
• |--------------------------------------------------------------------------
• | unshare(1) arguments for restricting what jobs can do
• |--------------------------------------------------------------------------
• |
• | This section of the config file adds extra controls to enable and use
• | the unshare(1) command to restrict what student-submitted code can do,
• | such as disable network access and the ability to read other user's
• | files etc.
• |
• | If enabled, the unshare command is run from within the runguard command.

• */
  

• public bool $unshare_enabled = true;
• // JKF With no networking: public string $unshare_command = '/usr/bin/unshare --user --net --pid --fork --kill-child --mount-proc --mount --ipc --uts --time --map-current-user';
• public string $unshare_command = '/usr/bin/unshare --user --pid --fork --kill-child --mount-proc --mount --ipc --uts --time --map-current-user';

}
diff -Naur jobe.orig/app/Libraries/LanguageTask.php jobe/app/Libraries/LanguageTask.php
--- jobe.orig/app/Libraries/LanguageTask.php 2025-02-03 13:56:39.422651431 +0000
+++ jobe/app/Libraries/LanguageTask.php 2025-02-27 12:13:13.910504267 +0000
@@ -328,6 +328,13 @@
if ($filesize != -1) { // Runguard's default filesize ulimit is unlimited.
$sandboxCommandBits[] = "--filesize=$filesize";
}
+

•    // JKF
  

•    // Insert unshare(1) command if enabled
  

•    if (config('Jobe')->unshare_enabled == true) {
  

•        $sandboxCommandBits[] = config('Jobe')->unshare_command;
  

•    }
  

•    $sandboxCmd = implode(' ', $sandboxCommandBits) .
             ' sh -c ' . escapeshellarg($wrappedCmd) . ' >prog.out 2>prog.err';
  

`

[julesfm]

Looks like the formatting went wrong there, sorry!

[julesfm]

jobe.diff.txt

That's the "diff -Naur" patch file as a text file for you.

[trampgeek]

Thanks for the contribution. Sorry about the delay in responding - it's the start of semester here and I'm teaching a class of 1000 students.

I'm not entirely clear what exploits this addition is preventing. You mention "This stops our students being able to download a "crib sheet" from a URL in an exam, where they are using CodeRunner within Moodle for computer-aided assessments." But the Jobe server should be firewalled to prevent any outgoing connections. And each students workspace is temporary for the duration of their run only and should be invisible to all other students.

Can you clarify, please? Certainly if there are ways for students to share information within Jobe I'd like to know about them!

-- Richard