SERIOUS SECURITY FLAW

hicham
New poster
Posts: 6
Joined: Thu Jan 15, 2004 7:47 am

SERIOUS SECURITY FLAW

Post by hicham »

A SERIOUS SECURITY FLAW is identified.

Simply put, this bug, when exploited, completely negates the purpose of the Judge, by letting one "Cheat" at will. Also this flaw can probably be exploited in order to hack the judge machine, erase files or any other malicious activity.
I have only explored the possibility of "Cheating".
At this moment I will refrain from making any technical details public, in order to prevent any attacks. However I can say that this "trick" is so obvious and rather easy, that I am really surprised that the Judge was running for many years without this weakness being identified and exploited, or was it? Maybe someone knew and didn't tell :wink:
Anyway, as a proof of principle I have "Cheated" my way to the top of one of the finest and most prized problems on the judge, in my opinion: 495.
My best timing with an "honest" code was 59ms. Now it is 25ms.
Second trial was with 102.
My best timing was 51ms, now it is 2ms.
These are the only problems which I have tested but I think the trick will work most of the time.
Of course I want the administrators to remove my stats from these problems, THIS WAS JUST A DEMONSTRATION.
The admins are encouraged to contact me, and work on solving this problem.
Andrey Mokhov
Experienced poster
Posts: 128
Joined: Fri Nov 15, 2002 7:45 am
Location: Kyrgyzstan

Post by Andrey Mokhov »

Hi!

Just interested: why couldn't you get 0.000 sec? :P
And isn't your 'trick' just another attempt at getting correct judge output and sending it? :roll:

Bye.
Andrey.
hicham
New poster
Posts: 6
Joined: Thu Jan 15, 2004 7:47 am

Post by hicham »

Hi,

You probably have not tried 495. My estimate of the output file is about 2.8MB. There is no way to dump that many bytes in 0.000s. I've never seen IO routines work that fast, and believe me, I use the fastest there is.
You say "just another attempt"; what other attempts were there?
I don't understand what you mean by "getting correct judge output and sending it".

Cheers
shamim
A great helper
Posts: 498
Joined: Mon Dec 30, 2002 10:10 am
Location: Bozeman, Montana, USA

Post by shamim »

I think what Andrey meant was to submit only output data.

A year back, there was a popular post regarding how to get judge's input file.

But if you are saying that the output file is very big, then you have another trick up your sleeve.
hicham
New poster
Posts: 6
Joined: Thu Jan 15, 2004 7:47 am

Post by hicham »

Yes of course. I know about that post and I must say it is rather obvious. The idea is theoretically sound, but that is not a flaw. A flaw is an unwanted feature, not a feature inherent to the system and necessary for its normal function. The judge has to be deterministic in order to be comprehensible and simple enough.
What I report is an unwanted feature that, I am sure, the administrators thought they had removed, but obviously failed to.
..
A great helper
Posts: 454
Joined: Thu Oct 18, 2001 2:00 am
Location: Hong Kong

Re: SERIOUS SECURITY FLAW

Post by .. »

hicham wrote: The admins are encouraged to contact me, and work on solving this problem.
I think you'd better mail problemset@acm.uva.es. There are so many new posts a day; you can't require the admins to read every post.
My signature:
  • Please make discussion about the algorithm BEFORE posting source code.
    We can learn much more in discussion than reading source code.
  • I HATE testing account.
  • Don't send me source code for debug.
Carlos
System administrator
Posts: 1286
Joined: Sat Oct 13, 2001 2:00 am
Location: Valladolid, Spain

Not really a bug...

Post by Carlos »

Hi!
I think I know what you mean. It's not really a bug, and you're not the first one using it. The first time I saw it was when I tried to increase the judge's input for problem 495; he solved it in 0.080s.
We haven't found a way to avoid it, I think there's no suitable way... if you have any idea, please tell us.
Anyway, I've sent you an email to check whether we're talking about the same thing.