blob: 63ee4624cc2056c55a1cc71e174fde6e2dba9bc0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
# qeval
qeval is a toy to safely-ish (beware bugs and hardware limitations) execute malicious/untrusted code.
It's inspired by [shbot](https://github.com/geirha/shbot), but none of the code was taken from there.
There are currently evaluators for
* Perl 5
* Rust nightly
* Go
* C (gcc)
* C (tcc)
* C++ (gcc)
* Java (openjdk)
* Python 3
* Python 2
* Ruby
* Bash
* Ash (from busybox)
* NodeJS
* Lua
* PHP
* Racket
* Guile
* Haskell
* Qalculate (which doesn't really need the sandboxing)
Perl is currently the fastest evaluator, taking 0.16s on my laptop for a simple `print 42`.
### Example usage
```sh
# This may build Linux, QEMU, and Perl. Use evaluators.sh if you're impatient
$ cd $(nix-build --no-out-link . -A evaluators.all)
$ bin/sh id
uid=0(root) gid=0 groups=0
```
### Todo
* Disk hotplug to reduce amount of disk suspensions (and be able to mlock the remaining one)
* More sophisticated control processes
* Quicker abort when output has reached size limit
* Report exit status, memory usage (and OOM), other statistics (count syscalls?)
* Multi-line input
|