Running students’ submitted programs is a security challenge for any university Computer Science department. When Harvard University contacted me about some work they are doing with the “sandbox” tool on Fedora 17, we decided it would be a great opportunity to see how they could get more out of it and share our findings with the community.
In a lot of ways, Harvard is setting up a simple PaaS (Platform as a Service). We discussed tools like OpenShift and Secure Linux Containers, but the immediate issue was that once they begin offering ‘Intro to ‘C'” courses online, the students will upload programs to a Harvard web server that will be compiled and tested. And, to no one’s surprise, they were concerned about what the students “C” applications might attempt to do.