erlc safety

orbitz <>
Thu May 4 01:02:01 CEST 2006


That might be a pain in the butt thouhg.  With a chrooted environment  
I need to include EVERYTHING required in running erlc.  And If i want  
to do this with a number of languages (haskell, c/c++, fortran, etc),  
that could be a real PITA and a lot of disk space (i don't believe I  
can use symlinks...)


On May 3, 2006, at 4:33 PM, Erik Garrison wrote:

>
> On Wed, 3 May 2006  wrote:
>
>> I am considering offering a webform for people to submit their code
>> and run it through erlc and output any compilation errors or if it
>> was successful.  What do I need to worry about in terms of
>> sandboxing?  I think the biggest security risk is -include.  -include
>> ("/etc/passwd") or something like that.  What should my concerns be?
>> Are there solutions to these problems?
>
> Would *nix user permissions solve this case?  You could just have a
> paralell environment (maybe a chrooted one) in which an otherwise
> unprivelaged user can compile, but not execute the resulting modules.
>
> -Erik




More information about the erlang-questions mailing list