In this scenario the user will submit his/her C code to my server through a browser. The code will then be compiled and executed on my server and the output will be sent to the
Other problem to think to : what rights to allow the guest process: is he allowed to open a socket ? If so , what traffic do you allow him ?
In the case you open a socket, then the problem becomes even more complex, because he can deliver an attack over that socket...
I cannot answer you for windows -- I can tell you for linux.
This is an extremly complex problem. You need to think to:
I can say that this is a long-term project that you can not finish correctly in a few weeks.
Your question is perhaps equivalent to the halting problem, and probably has no bullet proof answer (think of asm
in malicious C code, forged function pointers, computed goto, buffer overflow trashing the return address, dlsym
& dlopen
, etc.).
As mentioned by Shawn in his comment (referring to this question), you could use sand-boxing techniques. Alinsoar's answer shows you the complexity of the issue.
You might consider using ideone API, some mobile devices software do so (CodeToGo for example)