Question
This is just my small little hobby project in PHP. I use a 0sites.org server (Linux OS). I am basically trying to imitate the functionality of http://www.codepad.org and http://www.ideone.com. I am trying to have an online compiler/interpreter for some languages.
As of now, I can compile/run the applications with PHP exec(..), but I am really unsure as to how I am going to filter out harmful function calls like C/C++ system(..). Also, I have little idea how I am going to prevent any network access.
I am also planning to add a few more languages. It would be difficult to implement things specific to every language. I am wondering if there is a way I could stop things at a more general level.
I have thought along the lines of parsing the code manually and commenting out the problematic lines of code. But since there is usually more than one way to do things, this can be broken. :-P
Any ideas/suggestions/pointers? I shall be highly grateful for the same. :-)
(PS: This is just a hobby project. I just want to make it as professional as possible.)
Answer 1:
You probably really need OS support for creating these sandboxes. Any approach involving filtering the source code is going to have security problems, and will be a nightmare to maintain.
Just think: Even if you implement your parser completely correctly, there could be a bug in PHP's parser, so it parses slightly differently. That could easily allow someone to run system, exec, etc. and completely get around your filtering.
You have not stumbled across a hobby project; you have stumbled across a research project.
edit 1
The sanest way I can think of to do this without OS support is to patch PHP (but you'd be working in C then, not PHP), or to re-implement PHP in PHP. But keep in mind how crazy this is. Are you sure you know what the countless libraries linked in may do, especially when given funny arguments? E.g., you may want to disallow writing to files, but allow MySQL. Except MySQL has SQL commands that write to arbitrary files.
http://codepad.org/about says it's done with OS support. Maybe you can make yourself a ptrace module for PHP, and implement yours in a similar way.
Answer 2:
A suggestion is to make sure the user that will be running those scripts wouldn't be able to read/write anything but the folder in which it will run. Also, the application itself shouldn't be writable by that user.
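Putting both answers into practice, here is an added example (not code from the question or either answer) of a Linux job runner that never inspects the submitted source and instead lets the kernel enforce limits on the compiled program: CPU time, memory, file size, process count, a wall-clock deadline, an empty scratch directory, and, where util-linux unshare and user namespaces are available, an empty network namespace. It assumes the calling service already runs as the dedicated low-privilege user from answer 2; the argument names and the Result type are this example's own.

```python
import os, resource, shutil, signal, subprocess, tempfile
from collections import namedtuple

Result = namedtuple("Result", "returncode stdout stderr timed_out")

def _apply_limits(cpu_seconds, mem_bytes, file_bytes, max_procs):
    # Runs in the child between fork() and exec(); the kernel enforces these
    # on every syscall, so it does not matter what the source code contains.
    for res, cap in ((resource.RLIMIT_CPU, cpu_seconds),   # ends busy loops
                     (resource.RLIMIT_AS, mem_bytes),      # caps memory
                     (resource.RLIMIT_FSIZE, file_bytes),  # caps file writes
                     (resource.RLIMIT_NPROC, max_procs),   # no fork bombs
                     (resource.RLIMIT_CORE, 0)):           # no core dumps
        resource.setrlimit(res, (cap, cap))

def _net_isolation_prefix():
    # util-linux unshare(1): a fresh network namespace has only a down
    # loopback, so the program cannot reach the outside. Unprivileged use
    # needs user namespaces; probe once and run without isolation if denied.
    if shutil.which("unshare") is None:
        return []
    prefix = ["unshare", "--user", "--net"]
    probe = subprocess.run(prefix + ["true"], capture_output=True)
    return prefix if probe.returncode == 0 else []

def run_sandboxed(argv, stdin_data=b"", wall_seconds=5, cpu_seconds=2,
                  mem_bytes=256 << 20, file_bytes=1 << 20, max_procs=256):
    """Run argv in an empty scratch directory with OS-enforced limits.
    Assumption: this service already runs as a dedicated low-privilege user
    that owns nothing but its scratch space (answer 2)."""
    workdir = tempfile.mkdtemp(prefix="sandbox-")
    try:
        proc = subprocess.Popen(
            _net_isolation_prefix() + list(argv), cwd=workdir,
            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
            stderr=subprocess.PIPE, env={"PATH": "/usr/bin:/bin"},
            start_new_session=True,
            preexec_fn=lambda: _apply_limits(cpu_seconds, mem_bytes,
                                             file_bytes, max_procs))
        try:
            out, err = proc.communicate(stdin_data, timeout=wall_seconds)
            return Result(proc.returncode, out, err, False)
        except subprocess.TimeoutExpired:
            # Wall-clock deadline: kill the whole session, children included.
            os.killpg(proc.pid, signal.SIGKILL)
            out, err = proc.communicate()
            return Result(proc.returncode, out, err, True)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
```

A program that exceeds the CPU limit is terminated by SIGXCPU and one that writes past the file-size limit is stopped by SIGXFSZ, regardless of which language or library produced the binary.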
Source: https://stackoverflow.com/questions/4501904/prevent-application-from-introducing-harmful-changes-on-the-server-side