Recent

Author Topic: please advise, how to allow guests to execute pascal on my server  (Read 3262 times)

Michael Collier

  • Sr. Member
  • ****
  • Posts: 301
Hi,

I've been using an online compiler for C++ here http://coliru.stacked-crooked.com/

I'd like to do similar for Pascal language, but the bit that worries me is how do I ensure that when users compile and execute code on my server, they don't do anything that could be "hostile" to the server (i.e. do bad things to my hard-drive/network etc).

Maybe by running the service under a specific username? I'm not a network/security expert so maybe this is where I need help, or maybe it is very easy :-) ..

I have a fresh install of debian9 that I could dedicate to trying this out, I have a bit of time over the weekend so could give it a first attempt ASAP if possible.

I can handle most of the other parts, I already allow users to compile code on my server, but I don't allow them to run it (they download it locally and run it). It is just the security aspect of running on the server that is the issue for me..

Thanks in advance..

Phil

  • Hero Member
  • *****
  • Posts: 2737
Re: please advise, how to allow guests to execute pascal on my server
« Reply #1 on: April 13, 2018, 03:36:32 pm »
I'd like to do similar for Pascal language, but the bit that worries me is how do I ensure that when users compile and execute code on my server, they don't do anything that could be "hostile" to the server (i.e. do bad things to my hard-drive/network etc).

That would be a nice resource to have and most other languages have sandboxes like this already.

Maybe check with the Coliru folks and see how they do it? It does look like they're actually compiling and running an executable on their server.

On Macs, one can set up a guest account with very limited access (eg, no e-mail, that sort of thing). Any files created are not saved, etc. One can even set "parental controls" (in a sense, with a Web site sandbox, you are a parent). Maybe you could do something similar on Linux.

Many languages have a REPL, but I don't think Pascal has anything like this. I assume that's how these Swift sandboxes work:

https://www.weheartswift.com/swift-sandbox/

https://repl.it/repls/AbandonedShadyEntropy

https://developer.apple.com/swift/blog/?id=18


Edit: Maybe if you don't want to use your own actual server, set up an AWS server that's dedicated to the sandbox. Try to lock it down as best you can, but at least any malicious stuff would be limited to that small, virtual server. It's free for a year, Linux or Windows server.

https://macpgmr.github.io/MacXPlatform/PascalDynLibs_4.html
« Last Edit: April 13, 2018, 03:40:48 pm by Phil »

Thaddy

  • Hero Member
  • *****
  • Posts: 14213
  • Probably until I exterminate Putin.
Re: please advise, how to allow guests to execute pascal on my server
« Reply #2 on: April 13, 2018, 04:16:02 pm »
You can run the compiler as a cgi application (this is already possible without changes), if needed in a chrooted environment, and with a limited webserver to serve output and accept input..
Apart from some tests by me there are at least three others that run or have run fpc like that. One of them is member L505 and https://www.tutorialspoint.com/compile_pascal_online.php or (same) http://www.compileonline.com/compile_pascal_online.php and https://ideone.com.

I used Freepascal's template engine to serve the results.
« Last Edit: April 13, 2018, 04:18:15 pm by Thaddy »
Specialize a type, not a var.

Phil

  • Hero Member
  • *****
  • Posts: 2737

Phil

  • Hero Member
  • *****
  • Posts: 2737
Re: please advise, how to allow guests to execute pascal on my server
« Reply #4 on: April 13, 2018, 04:44:18 pm »
I'd like to do similar for Pascal language, but the bit that worries me is how do I ensure that when users compile and execute code on my server, they don't do anything that could be "hostile" to the server (i.e. do bad things to my hard-drive/network etc).

Idea: run the pas2js "transpiler" on the server, sending the resulting JavaScript to the user's browser. Now the compiler output is running in the user's browser, not on the server, meaning you already have a sandbox in place.

Thaddy

  • Hero Member
  • *****
  • Posts: 14213
  • Probably until I exterminate Putin.
Re: please advise, how to allow guests to execute pascal on my server
« Reply #5 on: April 13, 2018, 06:22:12 pm »
[ideone.com appears to use gpc, not fpc.

No you can choose either fpc or gpc. fpc is the first, gpc second in the list. Left-bottom vs Right-top. That may have confused you.

All of these sites run the compilers as cgi making use of the console input/output . It is rather easy to do.
« Last Edit: April 13, 2018, 06:45:22 pm by Thaddy »
Specialize a type, not a var.

 

TinyPortal © 2005-2018