Channel: Visual C# forum

Sandboxing a process started in C#


Hello,

I am using VS2012 or VS2013 to compile and link simple C and C++ console application source files my students submit for grading and am then using Process.Start in a C# app I wrote to run and test the resulting executables.  So far all of this is working fine.  However, in case a student inadvertently (or intentionally) writes some destructive code (like a recursive delete of all files starting from the root, the creation of a tremendous number of files, or the creation of an extremely large file), I need to be able to protect my computer from this.  Since the entire process of compiling and running/testing is automated there is no good AI way I know of to "look" at the source code first to see if any such destructive operations are coded there.  I know that there are many clever ways that hackers can create executables that will get around just about any type of protection, but I'm not expecting that students would actually submit any source code with that type of thing in it (and if they do, then I'm really hosed!).

Thus, it appears that the best approach is some sort of sandboxing setup. I can't use a sandbox application like "Sandboxie" because my C# application must communicate with the stdin, stdout, and stderr streams of the processes I start, and the company that makes "Sandboxie" says there is no provision for doing this in their product. A more appropriate approach seems to be to set up an additional user on my machine (Windows 8.1, 64-bit), vastly restrict what that user is allowed to do, then start the process I want to test using that user's credentials.

As an alternative I could simply run the processes in a virtual machine, which wouldn't affect my primary OS if the VM got corrupted.  However, the main problem I see with this is the complexity and time factor involved in reinstating and restarting the VM OS automatically if it did get corrupted.

Assuming the separate user approach would suffice, I'm wondering if I can reasonably limit things in the way I'd like to. For example, I'd like the process to have access to one and only one subdirectory. In that subdirectory it can read any file, create a limited number of new files (but not any subdirectories), write into any files it creates (but not beyond a certain size), delete files it creates (but not those it doesn't create), but not change the permissions on any files. I have a feeling I may need to write some sort of monitoring process that monitors the number of files being created as well as the maximum size of a file, but I'm hoping the other conditions can be set up as part of the user profile.

Any suggestions or other help regarding the feasibility of what I am trying to do would be appreciated.

Thanks,
Ray 
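The setup the post describes, written out as an added example (this is not code from the original post or from any answer): the student executable is started with Process.Start under a separate restricted Windows account, its stdin/stdout/stderr are redirected to the grader, and a polling loop watches the single permitted directory and kills the process if it exceeds a file-count or file-size limit, creates a subdirectory, or runs too long. The account name "SandboxUser", the directory C:\Sandbox, the limits, and the poll interval are all assumed values; the NTFS permissions that confine the account to that directory are set up outside this code.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Security;
using System.Text;

// Added example, not from the original post. Runs one untrusted executable under a
// restricted local account and enforces per-run limits on the sandbox directory.
static class SandboxRunner
{
    const string SandboxDir = @"C:\Sandbox";        // assumed: the only directory the account may write to
    const string SandboxUser = "SandboxUser";       // assumed: restricted local account
    const int MaxNewFiles = 10;                     // assumed limit on files the student program may create
    const long MaxFileBytes = 10L * 1024 * 1024;    // assumed limit per file (10 MB)
    static readonly TimeSpan MaxRunTime = TimeSpan.FromSeconds(10);

    // Returns the process exit code, or -1 if the run was killed for violating a limit.
    public static int Run(string exePath, string stdinText, SecureString password,
                          out string stdout, out string stderr)
    {
        var psi = new ProcessStartInfo(exePath)
        {
            WorkingDirectory = SandboxDir,
            UseShellExecute = false,           // required both for credentials and for stream redirection
            RedirectStandardInput = true,
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            CreateNoWindow = true,
            UserName = SandboxUser,
            Domain = Environment.MachineName,  // local account, so the domain is this machine
            Password = password,
            LoadUserProfile = false
        };

        // Snapshot of what already exists, so only files the student program creates count.
        var preexisting = new HashSet<string>(Directory.GetFiles(SandboxDir), StringComparer.OrdinalIgnoreCase);

        using (var proc = Process.Start(psi))
        {
            // Read stdout/stderr asynchronously so a chatty program cannot deadlock on a full pipe.
            var outBuf = new StringBuilder();
            var errBuf = new StringBuilder();
            proc.OutputDataReceived += (s, e) => { if (e.Data != null) outBuf.AppendLine(e.Data); };
            proc.ErrorDataReceived += (s, e) => { if (e.Data != null) errBuf.AppendLine(e.Data); };
            proc.BeginOutputReadLine();
            proc.BeginErrorReadLine();
            proc.StandardInput.Write(stdinText);
            proc.StandardInput.Close();        // EOF on stdin so a program reading to end terminates

            DateTime deadline = DateTime.UtcNow + MaxRunTime;
            string violation = null;
            while (!proc.WaitForExit(100))     // poll every 100 ms (assumed interval)
            {
                violation = CheckSandbox(preexisting);
                if (violation == null && DateTime.UtcNow > deadline) violation = "time limit exceeded";
                if (violation != null) { proc.Kill(); break; }
            }
            proc.WaitForExit();                // no-timeout call also flushes the async readers

            stdout = outBuf.ToString();
            stderr = errBuf.ToString();
            if (violation != null) stderr += "[sandbox] killed: " + violation + Environment.NewLine;
            return violation == null ? proc.ExitCode : -1;
        }
    }

    // Describes the first limit violated, or returns null if the directory is within limits.
    static string CheckSandbox(HashSet<string> preexisting)
    {
        int newFiles = 0;
        foreach (string f in Directory.EnumerateFiles(SandboxDir))
        {
            if (!preexisting.Contains(f)) newFiles++;
            long length;
            try { length = new FileInfo(f).Length; }
            catch (IOException) { continue; }  // file vanished between enumeration and stat
            if (length > MaxFileBytes)
                return string.Format("file {0} exceeds {1} bytes", Path.GetFileName(f), MaxFileBytes);
        }
        if (newFiles > MaxNewFiles)
            return string.Format("{0} new files exceeds limit of {1}", newFiles, MaxNewFiles);
        if (Directory.EnumerateDirectories(SandboxDir).Any())
            return "subdirectory created";
        return null;
    }
}
```

Two caveats a grader would want to know. Starting a process with UserName/Password on Windows goes through the Secondary Logon service, so that service must be running and the sandbox account must be allowed to log on. And because the checks here are polling, a program that writes very fast can overshoot a limit before the next poll; an NTFS disk quota on the sandbox account is a firmer size ceiling, and the polling loop is then a backstop rather than the only control.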

