Hi, I teach a CS course, and I was wondering if there is a practical way in which to setup a server that would accept student’s tar files, run some tests, and show them the results.

I could go “full unix mode” and roll up some accounts let them ssh into a server, scp their their files… but I was wondering if there is a prepacked solution for this that is nicer to the eye. And I thought maybe you know some.

  • foggy@lemmy.worldEnglish
    132·
    1 day ago

    Why give your students a way to get RCE on your institutions servers through anything less than perfect file upload implementation.

    For a .tar? I wish you the best…

    Instead of that, simplify.

    Use unique salts for each assignment per student.

    Align hashes with those salts to check the outcome for each students assignment.

    Literally have them send you a CTF style sha256 string.

    Do it step by step where each step doesn’t depend on the next, grade as a percentage of flags accurately procured.

    • 𝔻𝕒𝕧𝕖@lemmy.worldEnglish
      3·
      1 day ago

      Absolutely this. Even if you had fancy jails or docker setups for each submission, this will be a nightmare to properly handle. Students DOSing each other exactly before the submission deadline, too.

      • foggy@lemmy.worldEnglish
        3·
        14 hours ago

        I mean just for the love of God don’t spin up something on your company’s infrastructure that accepts file uploads.

        Just don’t.

        If you’re reading this and going “well, it’s just internal,” or “well, it doesn’t do much it just accepts this exact file type.” My god. Ask your CISA. And if they’re okay with it, cool. That’s on them.

        Unless your whole business is transferring files, don’t. And even then… Don’t.

        And if you’re still confused, the answer is to use another company’s infrastructure for this. Use Azure. Use AWS. Use Google cloud or even g suites. Don’t accept that liability. Let the trillionaires do it.

        • sugar_in_your_tea@sh.itjust.worksEnglish
          1·
          7 hours ago

          You can accept them on internal networks, just have a file size limit and don’t extract them locally, but send to some cloud service for handling. You could even have it work with email attachments if you want.

          Basically:

          1. Put file somewhere
          2. Spin up runner
          3. Upload and execute code
          4. Spin down runner either upon success or after a time limit
          5. Send result to the student (if it to took too long, that’s a fail too)
          • foggy@lemmy.worldEnglish
            1·
            2 hours ago

            My first method eliminates waiting to see if your students code runs fast enough. Unless complexity is part of the assignment, I’d still say go for the hash.

            It’s also less work for the professor/grader.