Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is there a safe way to execute code from users/clients in C++? [duplicate]

Tags:

c++

linux

security

user-defined-functions

users/clients compile their C++ code to dynamic library(e.g. libuser.so) and upload to servers on Linux(x64).

Server process opens libuser.so and calls functions in it.

  1. How to prevent server process core dump(and other errors) from any errors of libuser.so?
  2. How to control the resources of libuser.so can access? (e.g. Memory, disk, and CPU)
  3. Maybe there are some evil users/clients.
like image 774
songhir Avatar asked Dec 07 '25 06:12

songhir

1 Answers

There is no 100% safe scenario, but usually it goes along following lines:

  • Dedicate a special user for this kind of activity
  • restrict everything for this user
  • whenever libuser needs to be executed, spawn a new process as this special user, chroot into sandbox and pray :
like image 100
SergeyA Avatar answered Dec 08 '25 18:12

SergeyA
Sign in to Comment

Related questions

Internal and external encoding vs. Unicode
How to catch keyboard layout change
Mouse events on a cairo context
How to specialize templated method in templated class?
CMake on FreeBSD doesn't see GL/gl.h in /usr/local/include
using TinyXML Parsing XML Elements

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!