1

We have a application which takes a C++, C, or Java file as input, executes it, and displays the output to the client. What are the best measures that can be taken so that no security related issues occur in the server in which program is executed. For example, the C++ program can open an fstream and create a custom file on our server

I know some practices like:

  1. Running it as normal user
  2. Writing our own sandbox scripts which do not allow system calls, etc.

Which is the best way to do this?

Improve this question

3 Answers 3

Reset to default
4

Run it on a decicated computer just for these tasks or in virtual.

Improve this answer
1
  • dude i want to essentially protect the data in my application as well.I know I can create jailed environment inside my server and protect it or as you suggested run it on dedicated server but this protect the server from this application which leaves application to danger Commented Jan 13, 2013 at 19:13
1

Compile, then execute as a dedicated user in a chroot environment that contains only the necessary libraries.

Improve this answer
0
1

What about SELinux?

SELinux can potentially control which activities are allowed for each user, process and daemon, with very precise specifications

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.