Closed pyhedgehog closed 6 years ago
Good catch!
I've been preparing a new worker environment which has a lot more standard linux command line tools included ( grep / sed / cat / etc ). It's easy to securely add these.
I'll look into the issues regarding ps and kill and see what we can do about it. We require those tools to being able to cull zombie processes using tree kill, but we can probably do that from outside the worker env.
ps and kill can have valid usage in scripts - i.e. fork "background" task and kill it on timeout.
Also I should note that kill
is internal bash command that cannot be "deleted". Even --restricted
option while rendering shell unusable for scripting (it disallows redirects) doesn't disables kill
command.
@pyhedgehog -
I've added support for grep
, sed
, cat
, awk
, and even ps
.
We should now have much better support for isolation of user services. Each service now exists in it's own linux namespace using Google nsjail.
Please let me know if this works for you. I'm glad to improve support for Bash if you have more feature suggestions. Closing for now.
Thanks again for your feedback.
There are some configuration issues that renders
bash
language almost unusable. Right now only non-trivial command (except other languages) iscurl
. For any sophisticated bash programming it's not enough - at leastgrep
andsed
is required. Evencat
is not available. You can always replace them by something else, like [python](https://hook.io/marak/gateway-bash?source=python%20-c%20%22import%20sys;sys.stdout.write(open(sys.argv[1]).read())%22%20/bin/binaries/micro-bash), but this is not bash script - it's python script.