What is the principle of the Codepad.org website?
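I would like to know how the Codepad.org website works (the principle of online C compilation).
I think it works according to the following steps:
The user submits C code.
The website sends it to GCC installed on the server.
GCC compiles the code.
GCC returns a string and sends it to the website (web server).
The web server returns the string to the user.
Are these steps correct?
Then, how does it guard against malicious code, such as code that deletes all files on the server?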
Code execution is handled by a supervisor based on geordi. The strategy is to run everything under ptrace, with many system calls disallowed or ignored. Compilers and final executables are both executed in a chroot jail, with strict resource limits. The supervisor is written in Haskell.
Also:
Paranoia
When your app is remote code execution, you have to expect security problems. Rather than rely on just the chroot and ptrace supervisor, I've taken some additional precautions:
The supervisor processes run on virtual machines, which are firewalled such that they are incapable of making outgoing connections.
The machines that run the virtual machines are also heavily firewalled, and restored from their source images periodically.