Running (& compiling) untrusted user code

264 views Asked by At

I want to create a application that contains a feature that allows users to submit code and the server will compile and run it, similar to Ideone & Spoj. How do I do this securely in a scalable manner?

Partial Solutions I'm aware of:

IDEA 1 - 3rd Party Services

The Sphere Engine. However this costs a LOT of money!

I'm not aware of any open source application I can run on my server to achieve this, or a cheaper alternative. Please correct me if i'm wrong.

IDEA 2 - VM

This would be the next most sensible choice. However, I'm unsure how to implement it. For example let's say I created a VM and started to run the user's code. This would restrict damage on MY system, but not the damage on the VM, which other users would have to use. Does that mean I have to create a new VM each and every time I want to compile and run user's code (which clearly is not scalable - correct me if I'm wrong.

1

There are 1 answers

0
Jay Kominek On

Having not set up a thing, I assumed that services like TravisCI (which compiles code and runs it under test cases you provide), have a base virtual machine image, which boots up and processes your code. The next user to come along gets a separate VM booted from the same base image, your changes aren't stored.

So inside the VM, the user code can do whatever. All of its effects, except stuff written to the console will be erased at the end of the time limit.