Eagle Sandbox Contest

Eagle: Secure Software Automation

The Live Language Demonstration is online and uses a sandboxed "safe" Eagle interpreter.

2018-06-21: Faster Tcl/Eagle script evaluation on the web site by avoiding page reloads (i.e. by using the JavaScript XMLHttpRequest object).

The contest is to see who can be the first person (or team) to do any of the following:

  1. Escape from the "safe" sandbox (Difficulty: Jackpot).
  2. Run forever, bypassing the 5 second limit (Difficulty: Hard).
  3. Crash the web server process by using Eagle (Difficulty: Hard).
  4. Cause a "hard" stack overflow (Difficulty: Medium).
  5. Consume all available memory (Difficulty: Medium).
  6. Receive an unexpected error (Difficulty: Low).

To clarify the "official contest rules":

  1. All kinds of flooding are forbidden.
  2. The contents of the file systems must not be erased, damaged, or otherwise corrupted.
  3. Exploiting vulnerabilities in the underlying operating system and/or web server is permissible, but highly discouraged (i.e. because Eagle is cross-platform and these things are outside of its control).
  4. Since the interpreter may be shared, simply removing one or more commands (making those commands subsequently unavailable to others) does not count.
  5. For goal #1, presenting the contents of the file "C:\secret.txt" will be considered proof.
  6. For goals #1 and #3, causing the web server process to automatically recycle due to excessive memory usage does not count.
  7. Proof must include a screenshot and complete details, which will be corroborated using the server logs.
  8. The Grand Prize is a Red Swingline Stapler and there is only one of these available.
  9. Additional prizes may be awarded, at the discretion of Eyrie Solutions and/or Mistachkin Systems.

For a limited time, anyone who successfully escapes from the "safe" sandbox will receive:

  1. An encrypted license certificate for Eagle Enterprise Edition (which includes Harpy) with all its features enabled.
  2. Pretty good bragging rights, since this contest has been running for almost six years with no winners.

This contest is sponsored by Eyrie Solutions and Mistachkin Systems.

This contest was started on 2016-11-22 and it is not over until there is a winner for each prize.