Secure way to run other people code (sandbox) on my server?

Posted by amikazmi on Stack Overflow See other posts from Stack Overflow or by amikazmi
Published on 2009-04-27T09:09:13Z Indexed on 2011/01/15 6:53 UTC
Read the original article Hit count: 151

Filed under:
|
|
|

I want to make a web service that run other people code locally... Naturally, I want to limit their code access to certain "sandbox" directory, and that they wont be able to connect to other parts of my server (DB, main webserver, etc)

Whats the best way to do it?

Run VMware/Virtualbox:

(+) I guess it's as secure as it gets.. even if someone manage to "hack".. they only hack the guest machine

(+) can limit the cpu & memory the process uses

(+) easy to setup.. just create the VM

(-) harder to "connect" the sandbox directory from the host to the guest

(-) wasting extra memory and cpu for managing the VM

Run underprivileged user:

(+) doesnt waste extra resources

(+) sandbox directory is just a plain directory

(?) cant limit cpu and memory?

(?) dont know if it's secure enough...

Any other way?

Server running Fedora Core 8, the "other" codes written in Java & C++

© Stack Overflow or respective owner

Related posts about linux

Related posts about security