1

I am trying to build an online compiler for various languages. Here is a snippet of what I am trying to do.

const util = require('util'); const exec = util.promisify(require('child_process').exec); exec('node node_temp.js').then(result => { console.log(result); }) .catch(err => { console.log(err); });

So in case of JavaScript(Node).The user will type in some code and send it via a POST request, then the code will be copied into node_temp.jsand then will be executed.

Now there is a chance that the user might use fs or any other means to delete all the files in system. How do I prevent my exec() function to modify any system files.

Some answers suggest using vm or vm2. I have used both, although it creates a new sandbox, the exec command still gives access to the manipulate local files.

Improve this question
2
  • provide a button to compile and run the code don't let the user input the command. Azure already provide such facility how much I know. In case of Linux or Mac you have to create proper administrative structure in your system so the user can not modify anything . Commented Mar 9, 2018 at 15:48
  • Also: stackoverflow.com/questions/45767337/… Commented Mar 9, 2018 at 15:48
Load 5 more related questions Show fewer related questions

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.