qeval

qeval is a toy to safely-ish (beware bugs and hardware limitations) execute malicious/untrusted code. It's inspired by shbot, but none of the code was taken from there.

There are currently evaluators for

  • Perl 5
  • Rust nightly
  • Go
  • C (gcc)
  • C (tcc)
  • C++ (gcc)
  • Java (openjdk)
  • Python 3
  • Python 2
  • Ruby
  • Bash
  • Ash (from busybox)
  • NodeJS
  • Lua
  • PHP
  • Racket
  • Guile
  • Haskell
  • Qalculate (which doesn't really need the sandboxing)

Perl is currently the fastest evaluator, taking 0.16s on my laptop for a simple print 42.

Example usage

# This may build Linux, QEMU, and Perl. Use evaluators.sh if you're impatient
$ cd $(nix-build --no-out-link . -A evaluators.all)
$ bin/sh id
uid=0(root) gid=0 groups=0

Todo

  • Disk hotplug to reduce the number of disk suspensions (and be able to mlock the remaining one)
  • More sophisticated control processes
  • Quicker abort when output has reached size limit
  • Report exit status, memory usage (and OOM), other statistics (count syscalls?)
  • Multi-line input