linux - Secure way to run other people code (sandbox) on my server? -


I want to create a web service that runs locally locally ... Naturally, Some "sandbox" directories want to limit access to the code, and they are not able to connect to other parts of their servers (DB, main webserver, etc.)

What is the best way to do this ?

Run VMware / Virtualbox:

(+) I think it is as safe as it is to be safe .. even if the management of a "hack" They only hack guest machine

(+) CPU & amp; Memory Process

(+) Easy to setup .. Just VM

(-) Make the sandbox directory harder to "connect" from host to guest

Play non-deprived users:

(+) does not ruin additional resources

P>

(+) The sandbox directory is just a plain directory

(?) Cant Limit CPU and Memory?

(?) Do not know that it is quite safe ...

Any other way?

The server is running Fedora Core 8, "Other" Java & amp;

    1. running under unauthorized user Still allows a local assailant.
    2. Permission to execute code in VM can also be unsafe; The attacker can gain access to the host system, as shown recently.

    In my opinion, allowing the first place to run the original code on your system is not a good idea for security points. Maybe you should reconsider allowing them to run the original code, it will definitely reduce the risk.


    Comments

    Post a Comment