CodeBrew-io / Issues


Code Sandboxing Useless #17

Open benmmurphy opened 10 years ago

benmmurphy commented 10 years ago

This might not be a big issue if the Java sandbox is not your primary sandbox. But the sandbox in scalaEval can be trivially bypassed, allowing an attacker to execute arbitrary code. You can contact me privately for details.

Regardless of how this is fixed, I would recommend you use another form of sandboxing in addition to the Java sandbox. LXC or AppArmor might be good to look at. This is because:

a) It is difficult to get Java sandboxing done correctly. The JDK team can't do it, so I wouldn't trust myself or anyone else to get it right.

b) Even if you do it correctly, the sandbox still might be popped by a JDK exploit.

MasseGuillaume commented 10 years ago

That's a good point. A second layer of sandboxing was on my todo list via containers (LXC).