faking a filesystem / virtual filesystem

I have a web service to which users upload Python scripts that are run on a server. Those scripts process files that are on the server and I want them to be able to see only a certain hierarchy of the server's filesystem (best: a temporary folder on which I copy the files I want processed and the scripts).

The server will ultimately be a Linux-based one, but if a solution is also possible on Windows it would be nice to know how.

What I thought of is creating a user with restricted access to folders of the FS - ultimately only the folder containing the scripts and files - and launching the Python interpreter using this user.

Can someone give me a better alternative? Relying only on this makes me feel insecure; I would like a real sandboxing or virtual FS feature where I could safely run untrusted code.

attwad asked Feb 28 '23 09:02


1 Answer

Either a chroot jail or a higher-order security mechanism such as SELinux can be used to restrict access to specific resources.

Ignacio Vazquez-Abrams answered Mar 08 '23 03:03
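
A sketch of the chroot approach named in the answer, combined with the dedicated unprivileged user from the question; this is an added example, not code from the original post. Assumptions: the launcher runs as root on Linux, the jail is additionally populated with a Python interpreter and its libraries at `/usr/bin/python3`, and the function names and `uid`/`gid` values are hypothetical.

```python
import os
import shutil
import subprocess
import tempfile

JAIL_INTERPRETER = "/usr/bin/python3"  # assumption: path *inside* the jail


def stage_jail(script, data_files, base=None):
    """Copy the script and its input files into a fresh private directory."""
    jail = tempfile.mkdtemp(prefix="jail-", dir=base)
    work = os.path.join(jail, "work")
    os.mkdir(work)
    for d in (jail, work):
        # mkdtemp creates 0700; the unprivileged user must be able to
        # traverse the new root, but gets no write access to it.
        os.chmod(d, 0o755)
    for src in [script, *data_files]:
        # Copy, never link, so the jail holds no reference to outside paths.
        shutil.copy(src, os.path.join(work, os.path.basename(src)))
    return jail


def confine(jail, uid, gid):
    """Return a preexec_fn that chroots and then drops root, in that order."""
    def _enter():
        os.chroot(jail)
        os.chdir("/work")   # leave no working directory outside the new root
        os.setgroups([])    # drop supplementary groups while still root
        os.setgid(gid)
        os.setuid(uid)      # last step: a process that stays root can leave a chroot
    return _enter


def run_untrusted(jail, script_name, uid, gid, timeout=30):
    """Run /work/<script_name> inside the jail as an unprivileged user."""
    if uid == 0 or gid == 0:
        raise ValueError("refusing to run the untrusted script as root")
    if os.geteuid() != 0:
        raise PermissionError("chroot(2) requires root in the launcher")
    return subprocess.run(
        [JAIL_INTERPRETER, "-I", os.path.join("/work", script_name)],
        preexec_fn=confine(jail, uid, gid),  # runs in the child before exec
        close_fds=True, env={"PATH": "/usr/bin:/bin"},
        stdin=subprocess.DEVNULL, capture_output=True, timeout=timeout,
    )
```

chroot only changes path resolution; it does not limit network access, process visibility or resource use, so it is one layer alongside a mechanism such as SELinux rather than a complete sandbox.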