Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tilpner/qeval
qemu+nix for code evaluation
https://github.com/tilpner/qeval
eval nix qemu qemu-kvm sandbox
Last synced: 3 months ago
JSON representation
qemu+nix for code evaluation
- Host: GitHub
- URL: https://github.com/tilpner/qeval
- Owner: tilpner
- Created: 2018-09-03T10:52:54.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2022-09-27T14:21:43.000Z (over 2 years ago)
- Last Synced: 2024-10-04T19:07:37.551Z (4 months ago)
- Topics: eval, nix, qemu, qemu-kvm, sandbox
- Language: Nix
- Homepage: https://git.tx0.co/qeval
- Size: 34.2 KB
- Stars: 7
- Watchers: 3
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# qeval
qeval is a toy to safely-ish (beware bugs and hardware limitations) execute malicious/untrusted code.
It's inspired by [shbot](https://github.com/geirha/shbot), but none of the code was taken from there.
There are currently evaluators for
* Perl 5
* Rust nightly
* Go
* C (gcc)
* C (tcc)
* C++ (gcc)
* Java (openjdk)
* Python 3
* Python 2
* Ruby
* Bash
* Ash (from busybox)
* NodeJS
* Lua
* PHP
* Racket
* Guile
* Haskell
* Qalculate (which doesn't really need the sandboxing)
Perl is currently the fastest evaluator, taking 0.16s on my laptop for a simple `print 42`.
### Example usage
```sh
# This may build Linux, QEMU, and Perl. Use evaluators.sh if you're impatient
$ cd $(nix-build --no-out-link . -A evaluators.all)
$ bin/sh id
uid=0(root) gid=0 groups=0
```
### Todo
* Disk hotplug to reduce amount of disk suspensions (and be able to mlock the remaining one)
* More sophisticated control processes
* Quicker abort when output has reached size limit
* Report exit status, memory usage (and OOM), other statistics (count syscalls?)
* Multi-line input