Adam D. Ruppe wrote:
>> Sorry to harp on security issues, but what are you doing to protect
>> yourself from those compile and run arbitrary code
>> boxes?
>
> It runs a separate process which is suid'd to a single purpose
> restricted user that only has access to one directory and a
> number of ulimits in force. So they could in theory write evil
> things, but the operating system won't let it gain much ground.
>
> I'm currently setting up a separate virtual machine on a different
> domain to handle that, so even if they broke it, the system
> is completely expendable anyway.
>
> Problems with this would be if someone wanted to set up a network
> spammer or a CPU eater. Perhaps a cron job that loops around
> killing processes would help with that.
>
>
> I need to think about it some more. Redirecting the user to
> ideone might end up being the best solution (or dropping the
> feature) but I want to shoot for something higher first.

ideone also has an API you can use, instead of just redirecting.
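
An added example, not code from this thread or from the site being discussed: one way to apply the "ulimits plus one directory" containment described in the quoted message, with a per-run wall-clock kill in place of a cron job that sweeps for runaway processes. It assumes Linux and Python 3.9+; the limit values, the `output.log` file name and the `run_untrusted` helper are constructed for illustration, and `user`/`group` would name the restricted account when the launcher runs as root.

```python
import os
import resource
import signal
import subprocess
import tempfile

# Constructed limits for illustration; tune them for the real workload.
LIMITS = {
    resource.RLIMIT_CPU: 1,               # CPU seconds before the kernel kills it
    resource.RLIMIT_AS: 512 * 1024 ** 2,  # bytes of address space
    resource.RLIMIT_FSIZE: 1024 ** 2,     # largest file it may write
    resource.RLIMIT_NPROC: 64,            # process count for this uid
    resource.RLIMIT_CORE: 0,              # no core dumps
}

def _apply_limits():
    """Runs in the child between fork() and exec()."""
    for res, want in LIMITS.items():
        _, hard = resource.getrlimit(res)
        # An unprivileged caller cannot raise a hard limit, so clamp to it.
        cap = want if hard == resource.RLIM_INFINITY else min(want, hard)
        resource.setrlimit(res, (cap, cap))

def run_untrusted(argv, workdir, wall_seconds=5, user=None, group=None):
    """Run argv inside workdir under LIMITS; return (returncode, output)."""
    ids = {"user": user, "group": group, "extra_groups": []} if user else {}
    log = os.path.join(workdir, "output.log")
    with open(log, "wb") as sink:  # a file, so RLIMIT_FSIZE also caps output
        proc = subprocess.Popen(
            argv, cwd=workdir, env={"PATH": "/usr/bin:/bin"},
            stdin=subprocess.DEVNULL, stdout=sink, stderr=subprocess.STDOUT,
            preexec_fn=_apply_limits, start_new_session=True, **ids)
        try:
            proc.wait(timeout=wall_seconds)
        except subprocess.TimeoutExpired:
            # A sleeping process burns no CPU, so enforce wall-clock time
            # too, and kill the whole session rather than one process.
            os.killpg(proc.pid, signal.SIGKILL)
            proc.wait()
    with open(log, "rb") as f:
        return proc.returncode, f.read()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(run_untrusted(["/bin/sh", "-c", "while :; do :; done"], d))
```

Resource limits do not restrict network access, so the network spammer case from the quoted message needs a separate control, such as a firewall rule for the restricted user or a network namespace.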