erlc safety

Erik Garrison <>
Wed May 3 22:33:35 CEST 2006


On Wed, 3 May 2006  wrote:

> I am considering offering a webform for people to submit their code
> and run it through erlc and output any compilation errors or if it
> was successful.  What do I need to worry about in terms of
> sandboxing?  I think the biggest security risk is -include.  -include
> ("/etc/passwd") or something like that.  What should my concerns be?
> Are there solutions to these problems?

Would *nix user permissions solve this case?  You could just have a
paralell environment (maybe a chrooted one) in which an otherwise
unprivelaged user can compile, but not execute the resulting modules.

-Erik



More information about the erlang-questions mailing list