Safe Server Side Build and Test
January 22nd, 2009
Another of my grad students, Rory Tulk, is converging on a thesis topic: making server-side build and test safe to do when you don’t trust people’s code. We need to figure this out because we’d like to use continuous integration in undergrad classes, but student code is frequently malicious (usually by accident, but occasionally on purpose). If you have thoughts, he’d like to hear from you.
This is where virtual machines could play a big role, as a form of “sand-boxing”. The ideal scenario would be for each build to run in a spanking brand new VMware image (or alternative system) so that the build can do whatever it likes, but it can’t harm the host system, if things are set up correctly.
The other benefit is each build and test will run on *exactly* the same OS setup and state, so that there are no side-effects between builds that could creep in.
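The per-build isolation idea above, sketched as a runnable process-level stand-in rather than a fresh VM image: every build gets its own throwaway workspace, a CPU and output-size cap and a wall-clock limit, and the workspace is destroyed afterwards so nothing carries over to the next build. This is an added example, not code from the post or its commenters; it assumes GNU coreutils `timeout` is installed, and the function name and limit values are the example's own choices.

```shell
#!/usr/bin/env bash
# run_sandboxed_build SRC_DIR WALL_SECONDS LOG_FILE CMD [ARGS...]
#
# Copies SRC_DIR into a fresh temporary workspace, runs CMD inside it under
# a CPU-time limit, an output-file-size limit and a wall-clock timeout, sends
# all build output to LOG_FILE, then deletes the workspace. Returns the
# build's exit status: 124 means the wall-clock limit fired (137 if timeout
# had to escalate to SIGKILL). Process-level limits only; a real deployment
# would put this inside a disposable VM or container as the thread suggests.
run_sandboxed_build() {
    local src="$1" wall="$2" log="$3"
    shift 3
    local ws status

    # Fresh workspace per build: the previous build's files never leak in.
    ws=$(mktemp -d) || return 1
    cp -R "$src"/. "$ws"/ || { rm -rf "$ws"; return 1; }

    (
        cd "$ws" || exit 1
        ulimit -t 10        # at most 10 CPU-seconds for the build (constructed limit)
        ulimit -f 20480     # files it writes capped at ~10 MiB (512-byte blocks)
        # SIGTERM at the wall-clock limit, SIGKILL 2 s later if it is ignored.
        exec timeout -k 2 "$wall" "$@"
    ) >"$log" 2>&1
    status=$?

    # Throw the workspace away regardless of outcome; only the log survives.
    rm -rf "$ws"
    return "$status"
}
```

Call it as `run_sandboxed_build ./student-repo 300 build.log make test` and inspect `build.log` plus the return status; a runaway build returns 124 instead of hanging the server.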
Check out Google’s Native Client project:
http://code.google.com/p/nativeclient/
“Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps.”
I know that says “web,” but it’s not hard to see it as a pretty general sandbox solution.
Link to their (well written) paper about it:
http://nativeclient.googlecode.com/svn/trunk/nacl/googleclient/native_client/documentation/nacl_paper.pdf
I guess I don’t understand what the problem is: either you figure out how to make every language the students will write in “secure” (let’s start with… Make!), or you virtualize everything.
It looks like he’s already going the virtualization path, though… So where is the problem?
I want a very similar kind of system for our online marking project. Let’s talk!