efbeka / gist:4558210
Last active December 11, 2015 06:18
Contextifying js code to run safely
Email from @bradleymeck
-----------------------
A while back I discussed the problems with the node-sandbox module. I wrote a solution, but it broke on newer V8s, and I have not spent the time to track down the problem. Even then serious care must always be taken to not allow remote code execution. I know ways that horrify people using just type coercion. But let's get down to the truth of security:
Go to the OS. Do not trust scrubbing things yourself and always enforce OS level security if you are serious. Here are the basics:
1. put people in a jail of some kind (kernel namespaces, classic fs jail, etc. according to needs)
2. strip them of ALL permissions possible (this also includes knowing how FS permissions work (i.e., drop them to a low level folder they do not have access to, then put something inside for them to play in))
3. put them in a different process that is started in a detached state
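
Steps 2 and 3 of the list above, expressed as Node.js `child_process.spawn` options. This is an added example, not part of the email or of the gist's own code. Assumptions: the jail from step 1 already exists, `jailRoot` is a root-owned directory the sandbox user cannot write to, `play` inside it is the one directory that user owns, and the parent has the privilege to change uid/gid. The function names and the path layout are hypothetical.

```javascript
// Added example: build spawn options that drop privileges and detach.
// Hypothetical names: sandboxSpawnOptions, runDetached, the "play" directory.
function sandboxSpawnOptions(jailRoot, uid, gid) {
  // Refuse anything that would leave the child running as root.
  if (!Number.isInteger(uid) || !Number.isInteger(gid) || uid === 0 || gid === 0) {
    throw new Error('refusing to run untrusted code as root or without numeric uid/gid');
  }
  // The jail path must be absolute and must not climb out with "..".
  if (typeof jailRoot !== 'string' || !jailRoot.startsWith('/') ||
      jailRoot.split('/').includes('..')) {
    throw new Error('jailRoot must be an absolute path without ".." segments');
  }
  return {
    cwd: jailRoot.replace(/\/+$/, '') + '/play', // the folder they may play in
    uid: uid,          // child switches to this user id before running the script
    gid: gid,          // child switches to this group id before running the script
    env: {},           // do not pass the parent's environment (tokens, paths)
    detached: true,    // child leads its own process group / session
    stdio: 'ignore'    // no file descriptors shared with the parent
  };
}

function runDetached(scriptPath, jailRoot, uid, gid) {
  // Loaded here so the options builder above can be checked on its own.
  const { spawn } = require('child_process');
  const child = spawn(process.execPath, [scriptPath],
                      sandboxSpawnOptions(jailRoot, uid, gid));
  child.unref(); // the parent's event loop does not wait for the child
  return child.pid;
}
```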

#!/usr/bin/env node
var net = require('net')
  , repl = require('repl')
  ;

// Return a randomly chosen emoticon.
var mood = function () {
  var m = [ '^__^', '-__-;', '>.<', '<_>' ];
  return m[Math.floor(Math.random() * m.length)];
};

/*jshint node:true strict:true laxcomma:true es5:true*/
"use strict";
var http = require('http')
  , Stream = require('stream')
  , fs = require('fs')
  , path = require('path')
  , server
  ;