• 请不要在回答技术问题时复制粘贴 AI 生成的内容
This topic created in 3793 days ago, the information mentioned may be changed or developed.
 |
1
xcatliu OP 想了想, GitHub 被我删了,免得被大家玩坏了。。。
已经汇报给 LeetCode 官方 |
|
2
xcatliu OP  1
Hi,
First, thanks for reporting to us and deleting the github repo. We do appreciate that you take the time to report us and taking some possible security holes offline so evil minds won't take advantage of this to do something possibly malicious. I do realize that you are able to run shell commands, and this is perfectly okay. You can even run `cat /etc/passwd` and that's allowed. The reason is everything is run inside a sandbox which would not affect the host system. However, I do prefer not to show the internal working of how the user code is run as shown in the `ps aux` command, which may tell something to the user more than he/she needs to know. |
 |
3
virusdefender Jan 23, 2016
只能说 leetcode 应该是虚拟机运行的,有沙箱但沙箱限制的太松了
|
 |
5
dndx Jan 24, 2016
|
|
6
xcatliu OP @virusdefender 是, LeetCode 不担心你能运行 shell 脚本,只是怕你了解运行模式之后,影响到了解题的思路
|
 |
9
Arthur2e5 Jan 24, 2016
|
 |
10
Delbert Jan 24, 2016 via iPad
leetcode 本身还有 shell 专区的,本身就不是漏洞吧……
|
 |
12
vanxining Jan 24, 2016 via Android
LeetCode 创始人似乎是能说中文的?
|
Select Language