Is it possible to design a compiler that can safely compile and run untrusted code?
As a practical example, I want to know how online compilers are designed/programmed (like the one on codepad.org). Are they similar to our traditional day-to-day compilers? How are they hosted on servers?
Asked By : Andy
Answered By : Realz Slaw
This question has been asked on Stack Overflow:
How do sites like codepad.org and ideone.com sandbox your program
A short summary from the answers:
- Using geordi (codepad does this)
- Systrace
- Virtualization (VM)
- OS level jailing functionality
- AppArmor, SELinux
- Restrict compiler access to headers/libraries
- Restrict interpreter access to libraries
- Static analysis
- libsandbox
A more theoretical answer would be that it is possible to restrict all calls out of the program (syscalls, function calls, etc.), in a manner similar to how Native Client works, if you have control of the compiler (and even more so if you control the CPU and OS). For time and memory consumption, you can simply have cut-offs that would kill the compilation process/running program. This should only leave you vulnerable to bugs in the compiler, runtime libs, and the OS/hardware level, which a VM can mostly eliminate the danger of.
Best Answer from StackOverflow
Question Source : http://cs.stackexchange.com/questions/16037
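The time and memory cut-offs mentioned in the answer, as an added example that is not part of the original answer and not how codepad.org or ideone.com are implemented. It uses POSIX rlimits from Python; the name `run_limited`, the verdict strings and the default limits are assumptions chosen for illustration, and it covers resource exhaustion only, not the syscall or filesystem restrictions in the list above.

```python
import resource
import subprocess
import sys


def _cap(res, value):
    """Set soft and hard limit to value, never above the current hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def run_limited(argv, cpu_s=2, wall_s=5, mem_bytes=512 * 1024 * 1024):
    """Run argv with CPU-time, address-space and wall-clock cut-offs.

    Returns (verdict, stdout); verdict is "ok", "nonzero-exit",
    "killed-by-signal" or "wall-timeout".
    """
    def apply_limits():
        # Runs in the child after fork() and before exec(), so the limits
        # bind the untrusted program and not this supervisor.
        _cap(resource.RLIMIT_CPU, cpu_s)     # kernel signals the process when CPU time runs out
        _cap(resource.RLIMIT_AS, mem_bytes)  # allocations beyond this fail

    try:
        proc = subprocess.run(
            argv,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,   # caveat: output size is not capped here
            stderr=subprocess.DEVNULL,
            preexec_fn=apply_limits,
            timeout=wall_s,           # catches sleeping/blocked programs that burn no CPU
        )
    except subprocess.TimeoutExpired:
        return "wall-timeout", b""    # subprocess.run() has already killed the child
    if proc.returncode < 0:           # negative return code = terminated by a signal
        return "killed-by-signal", proc.stdout
    return ("ok" if proc.returncode == 0 else "nonzero-exit"), proc.stdout


if __name__ == "__main__":
    # Constructed demo inputs: a busy loop and an oversized allocation.
    print(run_limited([sys.executable, "-c", "while True: pass"], cpu_s=1))
    print(run_limited([sys.executable, "-c", "bytearray(4 << 30)"]))
```

The CPU limit and the wall-clock timeout are both needed: a program that sleeps or blocks on I/O never consumes its CPU budget, so only the wall-clock cut-off stops it.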