Sandboxing in Linux

一整个雨季 2020-12-01 05:56

I want to create a Web app which would allow the user to upload some C code, and see the results of its execution (the code would be compiled on the server). The users are u

12 answers
  •  半阙折子戏
    2020-12-01 06:10

    ptrace-based confinement for untrusted programs can be used, like the one described in http://www.cs.vu.nl/~rutger/publications/jailer.pdf, http://www.cs.vu.nl/~guido/mansion/publications/ps/secrypt07.pdf.

    They have a change-root-ing policy rule, CHRDIR, whose effect is similar to chroot. (Section "The jailing policy")

    However, they might not have published their source code (partially based on a modified strace http://www.liacs.nl/~wichert/strace/ -- Section "Implementation")...

    See also other available ptrace-based approaches to chroot-in-userspace: https://unix.stackexchange.com/a/72697/4319
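A chroot-like rule in a ptrace monitor has to rewrite every pathname argument so it stays under the jail directory. The following is an added example, not code from this answer or from the cited papers; `jail_map()`, its parameters and the `/srv/jail` path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: map a pathname argument seen by a syscall monitor
 * into the jail. cwd is the tracee's directory as seen inside the jail.
 * ".." is clamped at the jail root, as chroot does.
 * Returns 0 on success, -1 if the result does not fit. */
int jail_map(const char *jail, const char *cwd, const char *path,
             char *out, size_t outsz)
{
    char work[8192], virt[4096];
    size_t len = 0;

    /* Relative paths are resolved against the in-jail cwd. */
    if (snprintf(work, sizeof work, "%s/%s",
                 path[0] == '/' ? "" : cwd, path) >= (int)sizeof work)
        return -1;
    virt[0] = '\0';
    for (char *tok = strtok(work, "/"); tok; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {
            /* Drop the last component; at the root, stay at the root. */
            while (len > 0 && virt[--len] != '/')
                ;
            virt[len] = '\0';
            continue;
        }
        size_t n = strlen(tok);
        if (len + 1 + n >= sizeof virt)
            return -1;
        virt[len++] = '/';
        memcpy(virt + len, tok, n + 1);
        len += n;
    }
    if (snprintf(out, outsz, "%s%s", jail, len ? virt : "/") >= (int)outsz)
        return -1;
    return 0;
}

int main(void)
{
    char buf[256];
    /* Constructed sample arguments, as a tracee might pass to open(). */
    const char *args[] = { "/etc/passwd", "../../../etc/shadow", "src//./main.c" };
    for (size_t i = 0; i < 3; i++)
        if (jail_map("/srv/jail", "/home/user", args[i], buf, sizeof buf) == 0)
            printf("%-22s -> %s\n", args[i], buf);
    return 0;
}
```

The mapping is lexical only: a symlink inside the jail can still point outside it, so a monitor also has to resolve or refuse links before letting the call through.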
