This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Email from @bradleymeck | |
----------------------- | |
A while back I discussed the problems with the node-sandbox module, I wrote a solution, but it broke on newer v8s, have not spent the time to track down the problem. Even then serious care must always be taken to not allow remote code execution. I know ways that horrify people using just type coercion. But lets get down to the truth of security: | |
Go to the OS. Do not trust scrubbing things yourself and always enforce OS level security if you are serious. Here are the basics: | |
1. put people in a jail of some kind (kernel namespaces, classic fs jail, etc. according to needs) | |
2. strip them of ALL permissions possible (this also includes knowing how FS permissions work (ie, drop them to a low level folder they do not have access to, then put something inside for them to play in)) | |
3. put them in a different process that is started in a detached state |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env node | |
var net = require('net') | |
, repl = require('repl') | |
; | |
var mood = function () { | |
var m = [ '^__^', '-__-;', '>.<', '<_>' ]; | |
return m[Math.floor(Math.random() * m.length)] ; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/*jshint node:true strict:true laxcomma:true es5:true*/ | |
"use strict"; | |
var http = require('http') | |
, Stream = require('stream') | |
, fs = require('fs') | |
, path = require('path') | |
, server | |
; |