Question

I am totally new to server security and I am working on a project that makes me think that I need to take that seriously from the beginning to avoid problems.

I am creating an app for students to run python/perl codes from a web browser. Basically they will write their source code on the front end, when they submit a temporary file will be created on the server and a command will be executed ad then the file created will be destroyed after killing the process once finished.

Although it seems straightforward, I would like to be more secure about it. I would like to put all submitted codes to a container that it will be difficult to escape from, and with reduced privileges not accessing the system.

I was reading about a lot of things like Sandoxes, Jail, AppArmor etc but for a newbie it is hard to get through all this especially with a documentation that is not familiar.

Is there any clear documentation on how to sandbox user's codes/ scripts, a kind of step by step tutorial to follow

Thanks

Was it helpful?

Solution

I think LXC will be ideal for your use case. Check out https://help.ubuntu.com/community/LXC

It is a very light weight virtualization container.

Good folks @ Digital Ocean have written a tutorial on how to use it- https://www.digitalocean.com/community/articles/getting-started-with-lxc-on-an-ubuntu-13-04-vps

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top