Wed May 3 22:33:35 CEST 2006
On Wed, 3 May 2006 wrote:
> I am considering offering a webform for people to submit their code
> and run it through erlc and output any compilation errors or if it
> was successful. What do I need to worry about in terms of
> sandboxing? I think the biggest security risk is -include. -include
> ("/etc/passwd") or something like that. What should my concerns be?
> Are there solutions to these problems?
Would *nix user permissions solve this case? You could just have a
paralell environment (maybe a chrooted one) in which an otherwise
unprivelaged user can compile, but not execute the resulting modules.
More information about the erlang-questions