
  cat /etc/passwd

  root:x:0:0:root:/root:/bin/bash
  bin:x:1:1:bin:/bin:/sbin/nologin
  daemon:x:2:2:daemon:/sbin:/sbin/nologin
  adm:x:3:4:adm:/var/adm:/sbin/nologin
  lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
  sync:x:5:0:sync:/sbin:/bin/sync
  shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
  halt:x:7:0:halt:/sbin:/sbin/halt
  mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
  operator:x:11:0:operator:/root:/sbin/nologin
  games:x:12:100:games:/usr/games:/sbin/nologin
  ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
  nobody:x:99:99:Nobody:/:/sbin/nologin
  systemd-timesync:x:999:998:systemd Time Synchronization:/:/sbin/nologin
  systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
  systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
  dbus:x:81:81:System message bus:/:/sbin/nologin
  polkitd:x:998:997:User for polkitd:/:/sbin/nologin
  rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
  abrt:x:173:173::/etc/abrt:/sbin/nologin
  sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
  cockpit-ws:x:997:995:User for cockpit-ws:/:/sbin/nologin
  rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
  nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
  tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
  chrony:x:996:994::/var/lib/chrony:/sbin/nologin
  tcpdump:x:72:72::/:/sbin/nologin
  systemd-coredump:x:993:993:systemd Core Dumper:/:/sbin/nologin
  apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
  epmd:x:992:991:Erlang Port Mapper Daemon:/dev/null:/sbin/nologin
  runner:x:1000:1000::/home/runner:/bin/bash
  tio:x:1001:1001::/home/tio:/bin/bash



Just because /etc/passwd can be read doesn't mean there is no sandboxing - it's just not too restrictive, probably to allow many programming languages to run (bash is one of the languages after all - so process execution has to be allowed). Just having access to /etc/passwd doesn't mean the service is hacked. Check other tools like this, such as ideone; they allow you to read /etc/passwd as well.

Try running `ps aux` for instance and notice that you can only notice runner's processes. Try writing a file in your home, and notice that it doesn't persist between runs. Run a process in the background, it doesn't stay running. Essentially every change to the runner (the account on which scripts are running) is undone after the provided script is done running.


Some interpreters absolutely require being able to read /etc/passwd, as they use it to determine the user's home directory for some reason.

Since /etc/passwd, despite what the name suggests, doesn't actually contain sensitive information, I don't consider this an issue.
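
Added example, not part of any comment in the thread: a small Python audit of passwd(5)-format text that checks what the comment above relies on, namely that every password field is the `x` placeholder (hashes live in the shadow file), and also lists UID 0 and login-shell accounts. `FROM_THREAD` reuses three lines from the listing at the top; `CONSTRUCTED` and all function names are made up for illustration.

```python
# Three lines copied from the listing in the thread.
FROM_THREAD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
runner:x:1000:1000::/home/runner:/bin/bash
"""
# Constructed lines (not from the thread) that trigger each finding.
CONSTRUCTED = """\
legacy:$6$CONSTRUCTED$notarealhash:1002:1002::/home/legacy:/bin/bash
guest::1003:1003::/home/guest:/bin/sh
toor:x:0:0::/root:/sbin/nologin
"""
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def parse_passwd(text):
    """Return one dict per entry; reject lines that do not have 7 fields."""
    keys = ("name", "password", "uid", "gid", "gecos", "home", "shell")
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != len(keys):
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        entry = dict(zip(keys, fields))
        entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
        entries.append(entry)
    return entries

def audit(entries):
    """Return (account, finding) pairs for entries that deserve a look."""
    findings = []
    for e in entries:
        pw = e["password"]
        if pw == "":
            findings.append((e["name"], "empty password field"))
        elif pw != "x" and not pw.startswith(("*", "!")):
            # Not the shadow placeholder and not a locked marker: treat as a hash.
            findings.append((e["name"], "password hash stored in passwd"))
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["name"], "UID 0 account other than root"))
    return findings

def login_accounts(entries):
    """Names of accounts whose shell is not one of the NOLOGIN shells."""
    return [e["name"] for e in entries if e["shell"] not in NOLOGIN]

if __name__ == "__main__":
    for e in (parse_passwd(FROM_THREAD), parse_passwd(CONSTRUCTED)):
        print(audit(e), login_accounts(e))
```

The lines taken from the thread produce no findings; only the constructed ones do.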


Just a comment overall, I bookmarked the site and think it's great.

Is it a good idea to present a site that compiles and runs code on a remote server to a site dedicated to hackers? :)


This was my first thought: sandboxing is gonna be tricky for such a project.


Not really, with SELinux, which is what TIO uses. TIO can be deployed pretty much anywhere SEL is supported. Instructions here: https://github.com/TryItOnline/tiosetup


It has Bash - no need for Python subprocess shenanigans.



