I am making a .NET web application which accepts Python code from the user and executes it on the server by passing a command to the command line. But using os.remove(), I am able to delete files present on the drive through that Python code. Kindly tell me how I can safeguard the server so that no file can be edited or deleted by any user.

PS: If the solution is to use any third party software, my budget will allow only free ones. Thanks in advance.

It's a trap
  • This is more application development than system administration. The typical approach, rather than running random code natively (without complex validation), is to run it in complete isolation, such as within a container (Docker). Look for instance at https://en.wikipedia.org/wiki/Cloud9_IDE – HBruijn Aug 31 '16 at 20:08

1 Answer

You could set up a jail/chroot/sandbox, sort of like with Unix OSs.

This question has several methods listed as answers:

Is there a windows equivalent to chroot?

Ryan Babchishin
  • Hi. The answers there are responding to threats from installed applications. But how can I use them to protect the server from the process python.exe/the Python code? – It's a trap Aug 27 '16 at 04:36
  • @RachitGupta What's the difference? A chroot/sandbox whatever you want to call it keeps a process separate from other processes/files. So, python can't mess up other stuff on your system. Isn't that what you're asking for? – Ryan Babchishin Aug 27 '16 at 04:43
  • So it means that I will install the Python compiler as a virtual app. E.g., I am using Microsoft App-V. So if I install the Python compiler as a virtual app, then no one will be able to delete/edit files? – It's a trap Aug 27 '16 at 04:50
  • @RachitGupta Sorry, I can't tell you step by step instructions. I don't normally run Windows and besides we're not supposed to do that on SF. – Ryan Babchishin Aug 27 '16 at 05:06
  • For production, I will use ASP.NET Core with Linux. This is for dev/test only. Thanks – It's a trap Aug 27 '16 at 05:14
  • Application design is not appropriate for Server Fault. Perhaps Stack Overflow might be better suited. –  Aug 27 '16 at 05:37
  • @yoonix I couldn't find a similar question on SO, so I wrote it down here. – It's a trap Aug 27 '16 at 06:10
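
The container isolation suggested in the comment on the question, sketched for the Linux host the asker mentions for production. This is an added example, not code from any of the posts; it assumes Docker is installed, and the image name, limits, container name prefix and function names are illustrative assumptions.

```python
import os
import subprocess
import tempfile
import uuid
from pathlib import Path

IMAGE = "python:3-slim"  # assumption: any minimal Python image works
TIMEOUT_S = 5            # assumption: wall-clock limit per submission


def build_sandbox_argv(script_dir, name, image=IMAGE):
    """Return the docker argv that runs /code/main.py with nothing writable but /tmp."""
    return [
        "docker", "run", "--rm", "--name", name,
        "--network", "none",                          # no network access
        "--read-only",                                # container root filesystem is read-only
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=16m",  # in-memory scratch space only
        "--cap-drop", "ALL",                          # drop every Linux capability
        "--security-opt", "no-new-privileges",        # no setuid escalation
        "--user", "65534:65534",                      # unprivileged uid/gid, not root
        "--pids-limit", "64",                         # bound process count
        "--memory", "128m", "--cpus", "0.5",          # bound memory and CPU
        "-v", f"{script_dir}:/code:ro",               # submission mounted read-only
        image, "python", "-I", "/code/main.py",       # -I: isolated mode
    ]


def run_untrusted(source):
    """Write one submission to a fresh directory and run it in a throwaway container."""
    name = f"sbx-{uuid.uuid4().hex}"
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o755)                  # let the unprivileged container user read it
        script = Path(tmp, "main.py")
        script.write_text(source, encoding="utf-8")
        script.chmod(0o644)
        argv = build_sandbox_argv(tmp, name)  # argv list, so no shell parses user input
        try:
            return subprocess.run(argv, capture_output=True, text=True, timeout=TIMEOUT_S)
        except subprocess.TimeoutExpired:
            # Killing the docker client does not stop the container; kill it by name.
            subprocess.run(["docker", "kill", name], capture_output=True)
            raise


if __name__ == "__main__":
    # Constructed sample: the os.remove() case from the question.
    result = run_untrusted("import os\nos.remove('/etc/passwd')\n")
    print(result.returncode, result.stderr.strip())
```

The submitted code can only see the container's own read-only filesystem and its read-only copy of the script, so a delete or edit never reaches files on the host.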