qeval
qeval is a toy to safely-ish (beware bugs and hardware limitations) execute malicious/untrusted code. It's inspired by shbot, but none of the code was taken from there.
There are currently evaluators for
- Perl 5
- Rust nightly
- Go
- C (gcc)
- C (tcc)
- C++ (gcc)
- Java (openjdk)
- Python 3
- Python 2
- Ruby
- Bash
- Ash (from busybox)
- NodeJS
- Lua
- PHP
- Racket
- Guile
- Haskell
- Qalculate (which doesn't really need the sandboxing)
Perl is currently the fastest evaluator, taking 0.16s on my laptop for a simple print 42
.
Example usage
# This may build Linux, QEMU, and Perl. Use evaluators.sh if you're impatient
$ cd $(nix-build --no-out-link . -A evaluators.all)
$ bin/sh id
uid=0(root) gid=0 groups=0
Todo
- Disk hotplug to reduce amount of disk suspensions (and be able to mlock the remaining one)
- More sophisticated control processes
- Quicker abort when output has reached size limit
- Report exit status, memory usage (and OOM), other statistics (count syscalls?)
- Multi-line input