Secure way to run other people's code (sandbox) on m

Posted 2019-01-08 19:01

I want to make a web service that runs other people's code locally... Naturally, I want to limit their code's access to a certain "sandbox" directory, so that they won't be able to connect to other parts of my server (DB, main web server, etc.)

What's the best way to do it?

Run VMware/Virtualbox:

(+) I guess it's as secure as it gets... even if someone manages to "hack", they only hack the guest machine

(+) can limit the cpu & memory the process uses

(+) easy to set up... just create the VM

(-) harder to "connect" the sandbox directory from the host to the guest

(-) wasting extra memory and cpu for managing the VM

Run as an underprivileged user:

(+) doesn't waste extra resources

(+) sandbox directory is just a plain directory

(?) can't limit cpu and memory?

(?) don't know if it's secure enough...

Any other way?

Server is running Fedora Core 8; the "other" code is written in Java & C++

9 answers
家丑人穷心不美
Answer 2 · 2019-01-08 19:15

Not sure about how much effort you want to put into this thing but could you run Xen like the VPS web hosts out there?

http://www.xen.org/

This would allow full root access on their little piece of the server without compromising the other users or the base system.

smile是对你的礼貌
Answer 3 · 2019-01-08 19:20

Try using LXC as a container for your Apache server.

手持菜刀,她持情操
Answer 4 · 2019-01-08 19:21

Use the Ideone API - the simplest way.

放我归山
Answer 5 · 2019-01-08 19:23

Try learning a little about setting up policies for SELinux. If you're running a Red Hat box, you're good to go since they package it into the default distro.

This will be useful if you know the things to which the code should not have access. Or you can do the opposite, and only grant access to certain things.

However, those policies are complicated, and may require more investment in time than you may wish to put forth.

姐就是有狂的资本
Answer 6 · 2019-01-08 19:28

Check out ulimit and friends for ways of limiting the underprivileged user's ability to DoS the machine.

戒情不戒烟
Answer 7 · 2019-01-08 19:29
  1. Running under an unprivileged user still allows a local attacker to exploit vulnerabilities to elevate privileges.
  2. Allowing code to execute in a VM can be insecure as well; the attacker can gain access to the host system, as a recent VMware vulnerability report has shown.
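The ulimit approach from the answer above, as an added example (not code from the original thread): a POSIX-sh wrapper that lowers the CPU, address-space, process and file-descriptor limits before exec'ing a submitted program. The function name, the chosen limit values and the demo commands are mine, not the answerer's.

```shell
# Added example (not from the original thread): wrap a submitted program in
# per-process resource limits so a runaway loop, memory hog or fork bomb cannot
# take the whole machine down. ulimit without -S/-H lowers both the soft and
# hard limit, so the child (and anything it forks) cannot raise them again.
# Units: -t is CPU seconds; -v is KiB in bash and dash; -u and -n are counts.
# This bounds resource use only. Keeping the code inside its sandbox directory
# still relies on running it as an unprivileged user (file permissions), an
# SELinux policy or a container, as the other answers describe.

run_limited() {
    # Usage: run_limited CPU_SECONDS VMEM_KIB MAX_PROCS command [args...]
    cpu_s=$1; vmem_kib=$2; max_procs=$3
    shift 3
    (
        ulimit -t "$cpu_s"     || exit 125  # CPU time: a busy loop is killed by the kernel
        ulimit -v "$vmem_kib"  || exit 125  # address space (the JVM reserves a lot; size accordingly)
        ulimit -u "$max_procs" || exit 125  # processes for this user: stops fork bombs
        ulimit -n 64           || exit 125  # open file descriptors
        ulimit -c 0            || exit 125  # no core dumps dropped into the sandbox
        exec "$@"                           # replace the subshell with the submitted program
    )
}

# Stand-alone demo (set RUN_LIMITED_DEMO=1): the limit is visible inside the
# child, and a busy loop is terminated once it exceeds its CPU budget, which
# the caller sees as an exit status above 128.
if [ "${RUN_LIMITED_DEMO:-0}" = "1" ]; then
    run_limited 3 1048576 256 sh -c 'ulimit -t'          # prints the child's CPU limit: 3
    run_limited 1 1048576 256 sh -c 'while :; do :; done'
    echo "busy loop ended with status $?"
fi
```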

In my opinion, allowing native code to run on your system in the first place is not a good idea from a security point of view. Maybe you should reconsider allowing them to run native code; this will certainly reduce the risk.
