Closed pyhedgehog closed 6 years ago
Marak
commented
7 years ago Good catch!
I've been preparing a new worker environment which has a lot more standard linux command line tools included ( grep / sed / cat / etc ). It's easy to securely add these.
I'll look into the issues regarding ps and kill and see what we can do about it. We require those tools to being able to cull zombie processes using tree kill, but we can probably do that from outside the worker env.
pyhedgehog
commented
7 years ago ps and kill can have valid usage in scripts - i.e. fork "background" task and kill it on timeout.
Also I should note that kill is internal bash command that cannot be "deleted". Even --restricted option while rendering shell unusable for scripting (it disallows redirects) doesn't disables kill command.
Marak
commented
6 years ago @pyhedgehog -
I've added support for grep, sed, cat, awk, and even ps.
We should now have much better support for isolation of user services. Each service now exists in it's own linux namespace using Google nsjail.
Please let me know if this works for you. I'm glad to improve support for Bash if you have more feature suggestions. Closing for now.
Thanks again for your feedback.
There are some configuration issues that renders
bashlanguage almost unusable. Right now only non-trivial command (except other languages) iscurl. For any sophisticated bash programming it's not enough - at leastgrepandsedis required. Evencatis not available. You can always replace them by something else, like [python](https://hook.io/marak/gateway-bash?source=python%20-c%20%22import%20sys;sys.stdout.write(open(sys.argv[1]).read())%22%20/bin/binaries/micro-bash), but this is not bash script - it's python script.