Suppressing system calls when using gcc/g++

Question

I have a portal in my university LAN where people can upload code to programming puzzles in C/C++. I would like to make the portal secure so that people cannot make system calls via their submitted code. There might be several workarounds but I'd like to know if I could do it simply by setting some clever gcc flags. libc by default seems to include <unistd.h>, which appears to be the basic file where system calls are declared. Is there a way I could tell gcc/g++ to 'ignore' this file at compile time so that none of the functions declared in unistd.h can be accessed?

Answer 1

Some particular reason why chroot("/var/jail/empty"); setuid(65534); isn't good enough (assuming 65534 has sensible limits)?

Answer 2

Restricting access to the header file won't prevent you from accessing libc functions: they're still available if you link against libc - you just won't have the prototypes (and macros) to hand; but you can replicate them yourself.

And not linking against libc won't help either: system calls could be made directly via inline assembler (or even tricks involving jumping into data).

I don't think this is a good approach in general. Running the uploaded code in a completely self-contained virtual sandbox (via QEMU or something like that, perhaps) would probably be a better way to go.

Answer 3

-D can overwrite individual function names. For example:

gcc file.c -Dchown -Dchdir

Or you can set the include guard yourself:

gcc file.c -D_UNISTD_H

However their effects can be easily reverted with #undefs by intelligent submitters :)