I am trying to build an online compiler for various languages. Here is a snippet of what I am trying to do.

const util = require('util');
const exec = util.promisify(require('child_process').exec);

exec('node node_temp.js').then(result => {
    console.log(result);
})
.catch(err => {
    console.log(err);
});

So in the case of JavaScript (Node), the user will type in some code and send it via a POST request; then the code will be copied into node_temp.js and then executed.

Now there is a chance that the user might use fs or any other means to delete all the files in the system. How do I prevent my exec() function from modifying any system files?

Some answers suggest using vm or vm2. I have used both; although they create a new sandbox, the exec command still gives access to manipulate local files.

Gurleen Sethi
  • Provide a button to compile and run the code; don't let the user input the command. Azure already provides such a facility, as far as I know. In the case of Linux or Mac, you have to create a proper administrative structure in your system so the user cannot modify anything. – Saikat Hajra Mar 09 '18 at 15:48
  • Also: https://stackoverflow.com/questions/45767337/running-untrusted-javascript-code-on-server-in-sandbox – T.J. Crowder Mar 09 '18 at 15:48
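
Added example, not part of the original question or its comments: the `exec('node node_temp.js')` call from the question rewritten so the child runs without a shell, in a throwaway directory, with an empty environment, a timeout and an output cap. The function name `runUntrusted` and the `uid`/`gid` options (a dedicated low-privilege OS account, in the spirit of the first comment) are assumptions; without that account or an equivalent container, the child still has the file permissions of the server process.

```javascript
const { spawnSync } = require('child_process');
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hypothetical helper: run submitted code in a per-request scratch directory.
// opts.uid and opts.gid (pass both) name an assumed unprivileged account; the
// parent must be allowed to switch to it (normally it runs as root). That
// account's file permissions are what keep the child away from server files.
function runUntrusted(code, opts = {}) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'run-'));
  const file = path.join(dir, 'node_temp.js');
  try {
    fs.writeFileSync(file, code, { mode: 0o600 });
    const spawnOpts = {
      cwd: dir,                         // relative paths resolve in the scratch dir
      env: {},                          // no server secrets inherited
      timeout: opts.timeoutMs || 2000,  // wall-clock limit in milliseconds
      killSignal: 'SIGKILL',
      maxBuffer: 64 * 1024,             // cap on captured stdout/stderr
      encoding: 'utf8',
    };
    if (opts.uid !== undefined) {
      // Hand the scratch files to the sandbox account, then drop privileges.
      fs.chownSync(dir, opts.uid, opts.gid);
      fs.chownSync(file, opts.uid, opts.gid);
      spawnOpts.uid = opts.uid;
      spawnOpts.gid = opts.gid;
    }
    // Argument array instead of a command string: nothing is parsed by a shell.
    const r = spawnSync(process.execPath, [file], spawnOpts);
    return {
      stdout: r.stdout || '',
      stderr: r.stderr || '',
      exitCode: r.status,
      timedOut: Boolean(r.error && r.error.code === 'ETIMEDOUT'),
      truncated: Boolean(r.error && r.error.code === 'ENOBUFS'),
    };
  } finally {
    // Remove the submitted file and anything the child wrote next to it.
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```

`spawnSync` blocks the event loop while the child runs; inside a request handler the asynchronous `spawn` takes the same options.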

0 Answers