13

I've researched this stuff a lot in the recent months but I can't grasp any solid basis on how they achieve running unsafe scripts in so many languages without a problem!

I'm sure they are running virtual machines since language specific sandboxes won't cut it, but what about white listing every language?

There has to be another restraint I'm not seeing.

kalina
  • 3,374
  • 5
  • 21
  • 36
alfa64
  • 231
  • 1
  • 4

1 Answers1

11

Codepad explains how they provide security on their about page:

codepad.org is an online compiler/interpreter. [...] The strategy is to run everything under ptrace, with many system calls disallowed or ignored. Compilers and final executables are both executed in a chroot jail, with strict resource limits. [...]

Rather than rely on just the chroot and ptrace supervisor, I've taken some additional precautions:

  • The supervisor processes run on virtual machines, which are firewalled such that they are incapable of making outgoing connections.

  • The machines that run the virtual machines are also heavily firewalled, and restored from their source images periodically.

This seems like a reasonable strategy to me.

For more background on sandboxing technologies, see the following: What is sandboxing?, How can I restrict what an application can do with my computer?, Monitoring system calls (in a reliable and secure way), and Wikipedia's entry on chroot.

D.W.
  • 98,860
  • 33
  • 271
  • 588