
I'm planning to build a web application that will let the user write his own code, compile and test it in-browser, like phpFiddle or Golang's tour.

  • I am aware that securing a server like this will be difficult.
  • I know I could try to secure it by restricting access to the VM's standard lib (and I probably will), but I am aware that this isn't enough protection for all kinds of attacks, so it isn't a real protection at all.

Here's how I'm thinking about handling it:

  • Master-slave configuration, with the slave servers only being accessible by the master one. The slaves will run a server that will spawn the compiler process in a chroot jail, as requested, and impose a timeout, so it will kill the application if it runs longer than a specified time.
  • With the user-bound chroot, I can have good control over what the user can access (especially since my target language doesn't have many dependencies), but I am sure that there are still rough edges left, for example:
    • How can I protect against the untrusted program running other independent processes? Is there a good way to deny a process the ability to fork or spawn any other processes?
    • What are other possible attack routes I may have overlooked?

I've made some searches to find good Linux-based sandboxes, and while they seem quite nice, it seems to be a little bit of overkill to me, since my slave servers can be considered a sandbox by themselves, as I will dedicate them to the task of compiling/running the requested code. That's why I'm asking this here and not on Serverfault, as it seems more programming-related than server-configuration-related.

Waneck

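As an added illustration (not the asker's code) of the slave-side launcher described in the question: a Python wrapper that starts the compiler or the user's program with kernel resource limits and a wall-clock timeout, killing the whole session when the time is up. The fork question is handled with RLIMIT_NPROC=0, which the kernel enforces only for unprivileged uids, so this assumes the launcher already runs as the jail's unprivileged user inside the chroot; a seccomp-bpf filter denying clone/fork would be the stricter alternative.

```python
import os
import resource
import signal
import subprocess


def _cap(res, value):
    # Never ask for more than the current hard ceiling; setrlimit would reject it.
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def _apply_limits(cpu_seconds, mem_bytes):
    # Runs in the child between fork() and execve(), as the unprivileged jail uid.
    # RLIMIT_NPROC=0 makes every later fork()/clone() by this uid fail with EAGAIN.
    # The kernel does not apply it to root, so the launcher must not be root here.
    _cap(resource.RLIMIT_NPROC, 0)
    # CPU-time ceiling (SIGXCPU, then SIGKILL), independent of the wall-clock timeout.
    _cap(resource.RLIMIT_CPU, cpu_seconds)
    # Address-space ceiling so a runaway allocation cannot exhaust the slave.
    _cap(resource.RLIMIT_AS, mem_bytes)
    # File-size ceiling so the program cannot fill the disk inside the jail.
    _cap(resource.RLIMIT_FSIZE, 8 << 20)


def run_untrusted(argv, wall_timeout=5.0, cpu_seconds=2, mem_bytes=256 << 20):
    """Run argv under the limits above; return (status, output) with status
    'ok' (exit 0), 'error' (non-zero exit or signal) or 'timeout'."""
    proc = subprocess.Popen(
        argv,
        stdin=subprocess.DEVNULL,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,
        env={"PATH": "/usr/bin:/bin"},   # no inherited secrets in the environment
        start_new_session=True,          # own session, so a timeout kills the whole group
        preexec_fn=lambda: _apply_limits(cpu_seconds, mem_bytes),
    )
    try:
        out, _ = proc.communicate(timeout=wall_timeout)
    except subprocess.TimeoutExpired:
        try:
            os.killpg(proc.pid, signal.SIGKILL)  # whole session, not just the child
        except ProcessLookupError:
            pass
        out, _ = proc.communicate()
        return "timeout", out.decode(errors="replace")
    return ("ok" if proc.returncode == 0 else "error"), out.decode(errors="replace")
```

The timeout and CPU/memory limits apply regardless of privilege; only the fork denial depends on the jail uid being unprivileged.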