Suggestion: New D front page
Adam D. Ruppe
destructionator at gmail.com
Sat Jan 29 16:27:04 PST 2011
> Sorry to harp on security issues, but what are you doing to protect
> yourself from those compile and run arbitrary code
> boxes?
It runs a separate process which is suid'd to a single purpose
restricted user that only has access to one directory and a
number of ulimits in force. So they could in theory write evil
things, but the operating system won't let it gain much ground.
I'm currently setting up a separate virtual machine on a different
domain to handle that, so even if they broke it, the system
is completely expendable anyway.
Problems with this would be if someone wanted to set up a network
spammer or a CPU eater. Perhaps a cron job that loops around
killing processes would help with that.
I need to think about it some more. Redirecting the user to
ideone might end up being the best solution (or dropping the
feature) but I want to shoot for something higher first.
More information about the Digitalmars-d
mailing list