Commit

fix: resolve some security issues
M1saka10010 committed Oct 21, 2024
1 parent 41f110d commit f7e48fc
Showing 4 changed files with 19 additions and 2 deletions.
3 changes: 3 additions & 0 deletions docker-compose.yaml
@@ -19,6 +19,7 @@ services:
container_name: mysql
restart: always
volumes:
- ./data/mysqld:/var/run/mysqld
- ./data/mysql/data:/var/lib/mysql
- ./data/mysql/conf.d:/etc/mysql/conf.d
- ./conf.d/init.sql:/docker-entrypoint-initdb.d/init.sql
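Review bot: The `./data/mysqld:/var/run/mysqld` volume on the `mysql` service publishes the whole MySQL runtime directory into the `./data` tree on the host, so who can reach the socket now depends on the host permissions of `./data/mysqld`, which this change does not set or document. Consider a named volume shared by the `mysql` and `judge` services instead of a host path, or state the ownership and mode that `./data/mysqld` needs so that only MySQL and the judge can traverse it.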
@@ -63,10 +64,12 @@ services:
judge:
container_name: judge
restart: always
network_mode: none
build:
context: .
dockerfile: Dockerfile.judge.alpine
volumes:
- ./data/mysqld/mysqld.sock:/judge/mysqld.sock
- ./judge:/judge/judge
- ./polygon:/judge/polygon
depends_on:
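Review bot: In the `judge` volumes, `./data/mysqld/mysqld.sock:/judge/mysqld.sock` bind-mounts a single socket file, which is fragile in two ways. If the socket does not yet exist on the host when the container is created, Docker creates a directory at that path; and because a file bind mount follows the original inode, the judge is left with a dead socket after MySQL restarts and recreates `mysqld.sock`. Mounting the directory (for example `./data/mysqld:/judge/mysqld`) and pointing `OJ_MYSQL_UNIX_PORT` at the socket inside it avoids both. `network_mode: none` itself matches the stated goal of keeping the judge off the network.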
14 changes: 14 additions & 0 deletions docs/docker.md
@@ -143,3 +143,17 @@ find . -type f -name "spj.cc" -exec sh -c '/usr/bin/g++ -fno-asm -std=c++14 -O2
```

重新编译所有题目的 special judge 。

## 安全性问题

由于关掉了 P trace 机制,可能会导致一些安全性问题。

建议对 judge 容器进行隔离,不要让其访问外部网络。使用 socket 连接的方式与数据库进行通信。

### 具体操作

`/judge/config.ini` 以及 `/polygon/config.ini` 中注释掉 `OJ_HOST_NAME``OJ_PORT_NUMBER` 两行,并解除 `OJ_MYSQL_UNIX_PORT` 的注释。

同时确保 `mysqld.sock` 已经映射到了 `judge` 容器中。

同时防止 `config.ini` 文件被读取,可以将其权限设置为 `root` 用户所有的 600 文件 `chmod 600 config.ini`
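Review bot: The last step says `config.ini` should be a root-owned 600 file but gives only `chmod 600 config.ini`, which changes the mode and leaves the owner as it was. Add the matching `chown root:root` and name both files (`/judge/config.ini` and `/polygon/config.ini`) so the step can be followed as written. Two wording fixes in the same section: `P trace` should read `ptrace`, and the code spans `OJ_HOST_NAME` and `OJ_PORT_NUMBER` run together without a separator.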
2 changes: 1 addition & 1 deletion judge/config.ini
@@ -3,7 +3,7 @@ OJ_USER_NAME=socoding
OJ_PASSWORD=socoding
OJ_DB_NAME=scnuoj
OJ_PORT_NUMBER=3306
#OJ_MYSQL_UNIX_PORT=/var/lib/mysql.sock # MySQL 连接套接字路径
#OJ_MYSQL_UNIX_PORT=/judge/mysqld.sock # MySQL 连接套接字路径
OJ_SLEEP_TIME=1 #通过轮询数据库发现新任务,轮询间隔的休息时间,单位秒
OJ_TOTAL=1 #老式并发处理中总的judged数量
OJ_MOD=0 #老式并发处理中,本judged负责处理solution_id按照TOTAL取模后余数为几的任务。
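Review bot: The corrected path `/judge/mysqld.sock` is still commented out while `OJ_PORT_NUMBER=3306` stays active, yet this commit also sets `network_mode: none` on the `judge` service, so the shipped defaults point the judge at a TCP port from inside a container that has no network. Either ship this file with `OJ_MYSQL_UNIX_PORT` enabled and the TCP lines commented out, matching docs/docker.md, or say in the docs that a fresh checkout will not judge until the file is edited.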
2 changes: 1 addition & 1 deletion polygon/config.ini
@@ -3,7 +3,7 @@ OJ_USER_NAME=socoding
OJ_PASSWORD=socoding
OJ_DB_NAME=scnuoj
OJ_PORT_NUMBER=3306
#OJ_MYSQL_UNIX_PORT=/var/lib/mysql.sock # MySQL 连接套接字路径
#OJ_MYSQL_UNIX_PORT=/judge/mysqld.sock # MySQL 连接套接字路径
OJ_SLEEP_TIME=2 #通过轮询数据库发现新任务,轮询间隔的休息时间,单位秒
OJ_TOTAL=1 #老式并发处理中总的judged数量
OJ_MOD=0 #老式并发处理中,本judged负责处理solution_id按照TOTAL取模后余数为几的任务。
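Review bot: The context lines keep `OJ_USER_NAME=socoding` and `OJ_PASSWORD=socoding` in a tracked file, so the `chmod 600` advice added to docs/docker.md does little while the password is the published default. Consider a placeholder value here plus a docs step for setting a real one. As in judge/config.ini, the `OJ_MYSQL_UNIX_PORT` line remains commented out, and `/judge/mysqld.sock` resolves for polygon only because `./polygon` is mounted into the `judge` container.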