There are several online compilers like ideone. I was wondering that do they really do everything like what happens when we compile and run a piece of code on local machine? or they simply run it with restricted privileges?
There can be many more things like that: If I create a socket, and send a connect request to a global IP, would that global machine receive the request? Or would it just show the output we get on the console? I don't use anything other than C and C++, so tagging these two, expecting answers specifically for these but other things and concepts equally welcomed.
How does an online JavaScript compiler work? The online compilers are webpages where you write your code and these codes are sent to the server which has the compiler built. The result is obtained as a response and rendered on the client-side again.
In this phase, the compiler checks a grammatic structure of the source code and its syntax correctness. Meanwhile, any syntax errors result in a compilation error, and the compiler informs the developer about them. In brief, syntax analysis is responsible for two tasks: It checks source code for any syntax error.
A compiler takes the program code (source code) and converts the source code to a machine language module (called an object file). Another specialized program, called a linker, combines this object file with other previously compiled object files (in particular run-time modules) to create an executable file.
A compiler is a program that translates human-readable source code into computer-executable machine code. To do this successfully, the human-readable code must comply with the syntax rules of whichever programming language it is written in. The compiler is only a program and cannot fix your code for you.
As I know, most online compilers will do a real compilation. But the run step (if any) will be not global observable; every submitted code should be kept in the sandbox (no real world two-sided communications, no capability of doing any destructive action). Read more about sandbox, e.g. in wikipe: http://en.wikipedia.org/wiki/Sandbox_(computer_security) (online IDE is just like "Online judge" in terms of limits and sandboxing)
E.g. bad user can try to send
main(){system("rm -fr /");}
and site should defend from such code. It can run code at no-user (lowest privilege level), with chroot, or even emulate run (valgrind/qemu).
The ideone even says in the FAQ about limits:
So, yes, they do run with (very) restricted privileges, because submitted code is non-trusted code.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With