security hardening - Githubissues

scalacenter / scastie

An interactive playground for Scala

https://scastie.scala-lang.org

Apache License 2.0

431 stars 105 forks source link

security hardening #200

Open MasseGuillaume opened 7 years ago

MasseGuillaume commented 7 years ago

Some tips from hacker news: (https://news.ycombinator.com/item?id=14375888)

https://github.com/wsargent/docker-cheat-sheet#security
Jessica McKellar: Building and breaking a Python sandbox - PyCon 2014 https://www.youtube.com/watch?v=sL_syMmRkoU
SELinux https://news.ycombinator.com/item?id=14245428

mbovel commented 2 years ago

Running as a non-root user seems like good first step.

Could the JVM's SecurityManager be useful as well?

vincenzobaz commented 2 years ago

here a new, non-root user is set up for the container. Is it actually used? This might be unintended behavior

OlegYch commented 2 years ago

Running as a non-root user seems like good first step.

Could the JVM's SecurityManager be useful as well?

we used to use SecurityManager in https://github.com/OlegYch/scastie_old but it is full of wholes and very restrictive at the same time currently docker works fine, but it would be nice to implement some kind of per user/ip time limits to prevent denial of service attacks