Aria is an execution sandbox specifically designed to allow the execution of utterly untrusted code. The general idea is to allow a small range of initialization code (e.g. from ld.so, libc.so, etc.), calculation, and standard input/output.

The original application was part of a public-facing contest backend for ACM ICPC-style competitions. It takes absolutely no chances; it is sometimes too strict and occasionally requires modification when the program loading process changes.[1] Some work to allow reasonable modifications to the loader etc. while still allowing for full security would be very useful; however, aria is entirely functional in its current state.
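
The page does not say how aria enforces its policy, so the following added example (not aria's code) uses Linux seccomp-BPF as a stand-in to show the same idea: a child may compute and use read/write, and any system call outside the list is fatal, which is why a new libc call such as the one in the footnote breaks a strict sandbox until the list is updated. The function name `run_confined`, the three-call allowlist, and installing the filter after `fork()` (so loader start-up is not filtered here) are assumptions of the example.

```c
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#define NATIVE_ARCH AUDIT_ARCH_X86_64 /* assumption: built for x86_64 otherwise */
#endif
/* Two BPF instructions: if the loaded syscall number equals nr, return ALLOW. */
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Runs a confined child that sums 1..100 and writes the sum to a pipe.
 * Returns 0 on clean exit, the fatal signal if killed, 2 if setup failed. */
int run_confined(int misbehave, long *result) {
    struct sock_filter rules[] = {
        /* Refuse foreign ABIs first: syscall numbers differ per architecture. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(SYS_read), ALLOW(SYS_write), ALLOW(SYS_exit_group),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL), /* default deny */
    };
    struct sock_fprog prog = { (unsigned short)(sizeof rules / sizeof rules[0]), rules };
    int fds[2], status;
    pid_t pid;
    if (pipe(fds) != 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {
        close(fds[0]); /* must happen before the filter: close is not allowed */
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
            _exit(2);
        long sum = 0;
        for (long i = 1; i <= 100; i++) sum += i;        /* calculation */
        if (write(fds[1], &sum, sizeof sum) != sizeof sum) _exit(3);
        if (misbehave) syscall(SYS_getpid);              /* not on the list */
        _exit(0);                                        /* exit_group: allowed */
    }
    close(fds[1]);
    if (read(fds[0], result, sizeof *result) != sizeof *result) *result = -1;
    close(fds[0]);
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status) ? WTERMSIG(status) : WEXITSTATUS(status);
}
```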

Aria runs on x86 and x86_64 Linux systems, though porting it to other platforms is feasible.

Other features include:

The source code for aria is currently released into the public domain, although if you use it elsewhere, credit would be appreciated.

Downloads:


  1. For example, on x86_64, recent versions of libc have a SYS_fadvise64 call in their initialization code that was not present in earlier versions.