how to execute c code securely

Question

In this scenario the user will submit his/her C code to my server through a browser. The code will then be compiled and executed on my server and the output will be sent to the

Answer 1

Other problem to think to : what rights to allow the guest process: is he allowed to open a socket ? If so , what traffic do you allow him ?

In the case you open a socket, then the problem becomes even more complex, because he can deliver an attack over that socket...

Answer 2

I cannot answer you for windows -- I can tell you for linux.

This is an extremly complex problem. You need to think to:

• quota limit
• process that compiles/executes the code to be runned as an unprivileged user.
• do not allow the process to run more than N seconds
• do not allow process to allocate too much memory

I can say that this is a long-term project that you can not finish correctly in a few weeks.

Answer 3

Your question is perhaps equivalent to the halting problem, and probably has no bullet proof answer (think of asm in malicious C code, forged function pointers, computed goto, buffer overflow trashing the return address, dlsym & dlopen, etc.).

As mentioned by Shawn in his comment (referring to this question), you could use sand-boxing techniques. Alinsoar's answer shows you the complexity of the issue.

Answer 4

You might consider using ideone API, some mobile devices software do so (CodeToGo for example)