Is there a safe way to execute code from users/clients in C++?

Question

users/clients compile their C++ code to dynamic library(e.g. libuser.so) and upload to servers on Linux(x64).

Server process opens libuser.so and calls functions in it.

How to prevent server process core dump(and other errors) from any errors of libuser.so?
How to control the resources of libuser.so can access? (e.g. Memory, disk, and CPU)
Maybe there are some evil users/clients.

@πάνταῥεῖ maybe google's native client is ok, but I want a lightweight solution. — songhir, Sep 17 '15 at 15:06
I've definitely never tried anything like this, so this is just a thought... but would it be possible to spawn a process with a different set of privileges (I think windows allows you to spawn a process with a lower integrity level... not sure about linux) and then load the .so from that process? — RyanP, Sep 17 '15 at 15:16
On Linux, you could try a combination of cgroups and namespaces (perhaps via a ready-made library) for resource isolation. — Kerrek SB, Sep 17 '15 at 15:18

score 3 · Answer 1 · answered Sep 17 '15 at 15:19

There is no 100% safe scenario, but usually it goes along following lines:

Dedicate a special user for this kind of activity
restrict everything for this user
whenever libuser needs to be executed, spawn a new process as this special user, chroot into sandbox and pray :

score 0 · Answer 2 · answered Sep 17 '15 at 15:27

In addition to SergeyA answer I would recommend to execute code on a virtual machine using vmware or virtualbox or something like that. You probably can create a new virtual machine per user, per session (that would be probably too expensive) etc, share some path, copy libuser.so there and use RPC to make a call and get results back.

Using https://www.docker.com/ instead of vmware etc will probably simplify creating new virtual machine and make it cheaper.

Is there a safe way to execute code from users/clients in C++?

2 Answers2