1
xcatliu OP After thinking it over, I deleted the GitHub repo, so that people don't break things playing with it...
I have already reported this to LeetCode.
2
xcatliu OP Hi,
First, thanks for reporting to us and deleting the github repo. We do appreciate that you took the time to report to us and to take some possible security holes offline so evil minds won't take advantage of this to do something possibly malicious. I do realize that you are able to run shell commands, and this is perfectly okay. You can even run `cat /etc/passwd` and that's allowed. The reason is everything is run inside a sandbox which would not affect the host system. However, I do prefer not to show the internal working of how the user code is run as shown in the `ps aux` command, which may tell something to the user more than he/she needs to know.
3
virusdefender 2016-01-23 23:58:36 +08:00
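All I can say is that leetcode is probably running this in a virtual machine; there is a sandbox, but the sandbox restrictions are too loose.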
5
dndx 2016-01-24 01:23:14 +08:00
6
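xcatliu OP @virusdefender Yes. LeetCode isn't worried that you can run shell scripts; they are only concerned that once you understand how the code is run, it will affect how you approach solving the problems.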
9
Arthur2e5 2016-01-24 12:54:40 +08:00
10
Delbert 2016-01-24 15:13:55 +08:00 via iPad
leetcode itself even has a shell section, so this isn't really a vulnerability in the first place, is it...
12
vanxining 2016-01-24 22:25:18 +08:00 via Android
The LeetCode founder seems to be able to speak Chinese?