Reputation: 3403
How to let users run arbitrary source code on my server
I want to automate testing of my users' source code files by letting them upload c++,python, lisp, scala, etc. files to my linux machine where a service will find them in a folder and then compile/run them to verify that they are correct. This server contains no important information about any of my users, so there's no database or anything for someone to hack. But I'm no security expert so I'm still worried about a user somehow finding a way to run arbitrary commands with root privileges (basically I don't have any idea what sorts of things can go wrong). Is there a safe way to do this?
Upvotes: 1
Views: 307
Answers (3)
Reputation: 416
They will. If you give someone the power to compile, it is very hard not to escalate to root. You say that server is not important to you, but what if someone sends you an email from that server, or alters some script, to obtain some info on your home machine or another server you use?
At least you need to strongly separate you from them. I would suggest linux containers, https://linuxcontainers.org/ they are trendy these days. But be careful, this is the kind of service that is always dangerous, no matter how much you protect yourself.
Upvotes: 1
Reputation: 7061
Read more about chroot command in Linux.
This way you can provide every running user program with separate isolated container.
Upvotes: 1
Reputation: 1254
You should under no circumstances allow a user to run code on your server with root privileges. A user could then just run rm –rf / and it would delete everything on your server.
I suggest you make a new local user / group that has very limited permissions, e.g. can only access one folder. So when you run the code on your server, you run it in that folder, and the user can not access anything else. After the code has finished you delete the content of the folder. You should also test this vigorously to check that they really cant destroy / manipulate anything.
If you're running on FreeBSD you could also look at Jails, which is sort-of a way of virtualization and limiting a user / program to that sandbox.
Upvotes: 0
Related Questions
- How can i accept and run user's code securely on my web app?
- Secure way to run other people code (sandbox) on my server?
- How can I give users the possibility to write scripts (in a secure way)?
- How can I restrict the access to my PHP source code?
- Make a Linux user able to include PHP code but not able to view it?
- Securely running user's code
- How to safely run user code on a website?
- Is there a safe way of allowing users to add their own PHP to my server?
- Running external code in a restricted environment (linux)
- Safely executing users' PHP scripts on the server