gpt4 book ai didi

security - 在线解释器/编译器如何处理恶意代码?

转载 作者:行者123 更新时间:2023-12-04 10:44:35 25 4
gpt4 key购买 nike

就目前而言,这个问题不适合我们的问答形式。我们希望答案得到事实、引用或专业知识的支持,但这个问题可能会引起辩论、争论、投票或扩展讨论。如果您觉得这个问题可以改进并可能重新打开,visit the help center为指导。




8年前关闭。




在线代码解释器/编译器( jsfiddle.netjsbin.comideone.comcodepad.org 等)如何处理恶意代码,例如无限循环?

最佳答案

jsFiddle 只运行客户端代码(JavaScript)——它唯一能伤害的机器是你的(或查看你的 fiddle 的人)。
大多数浏览器都有检测无响应脚本(如无限循环)的功能,并为您提供停止脚本的选项。
然后还有像codepad.org这样的网站和 ideone.com ,它确实在本地机器上运行代码。
键盘网站

Code execution is handled by a supervisor based on geordi. The strategy is to run everything under ptrace, with many system calls disallowed or ignored. Compilers and final executables are both executed in a chroot jail, with strict resource limits.

When your app is remote code execution, you have to expect security problems. Rather than rely on just the chroot and ptrace supervisor, I've taken some additional precautions:

  • The supervisor processes run on virtual machines, which are firewalledsuch that they are incapable of makingoutgoing connections.
  • The machines that run the virtual machines are also heavily firewalled,and restored from their source imagesperiodically.

关于security - 在线解释器/编译器如何处理恶意代码?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/4893550/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com