by Joh_ita 3668 days ago
It's a great root access shell - world connected - with Python. Supercool. May this configure a security issue?
2 comments

I was able to do

  rm -rf bin

Maybe don't let your users do that? Uptime on the box was 13 days as well - you should probably just spin up fresh on-demand boxes for this.
This only affects that one interview pad you ran it in. We can make it hard to do stuff like this but one can always find a way. And it's fine too because these commands affect that user only.
Thanks. About security, each shell is inside a sandbox that isolates it from other users.
Yes, I thought that this might be the case. Have you considered that someone could use your demo page to run his own malicious code?

Hey, just wondering eh :)

Yes, we limit the resources we give to demo containers. So isolation and limited resources should be enough to prevent most malicious code (like fork bombs, DDoS scripts, etc.). Feel free to play with it. We would love to hear if you find something that can cause trouble!
That's not the point. You are not preventing malicious pad users from setting up outgoing connections and attacking other systems. Hint: exploits.