Security VPL 1.X and 2.X

Security is a key element in VPL. This document describes the security aspects in the components of the system.

Moodle Module

It is noteworthy that although the Moodle module deals with the running and the evaluation of submissions, don't run code, either from an administrator or a student. The only code that runs on the server is the module itself, the running and evaluation are always executed on a jail server. Another issue is the protection of submitted files, so that its can't be downloaded through "file.php". The submitted files are stored out of the scope of "file.php". To retrieve a submission a local method is provided returning it as a compressed file.

Editor

The applet editor has no access to local machine resources then it can not read or alter information from the local machine.

Jail

The jail service focuses security in running requests in a jail chroot. The "chroot" is responsible for changing the root file system. The jail server use a fake file system that does not allow executions to escalate privileges. In each run a randomly selected user among those available is used. At the end of each run the system deletes all files created by the selected user.

Source code available

The VPL code is freely available and that means greater security as every one can verify the behaviour of the system at all times.