This repository was archived by the owner on Mar 13, 2019. It is now read-only.
This repository was archived by the owner on Mar 13, 2019. It is now read-only.
Code Sandboxing Useless #17
Description
This might not be a big issue if the Java sandbox is not your primary sandbox. But the sandbox in scalaEval can be trivially bypassed allowing an attacker to execute arbitrary code. You can contact me privately for details.
Regardless of how this is fixed I would recommend you use another form of sandboxing in addition to the java sandbox. LXC or apparmour might be good to look at. This is because:
a) it is difficult to get java sandboxing done correctly. JDK team can't do it so I wouldn't trust myself or anyone else to get it right.
b) even if you do it correctly the sandbox still might be popped by a JDK exploit.