by ynh 5011 days ago
I have now fixed it. But I think there must be another way to make it safe. Maybe a sandbox.

This is part of your /etc/shadow file:

    root:censored
We can still read /etc/ssh/ssh_host_rsa_key, etc.

Edit: removed hash, sorry

Saying "you can read /etc/shadow by doing X, Y, and Z" is okay -- it's a permanent record there was a flaw. Saying "here's your root password hash" is not ok; even once the flaw is fixed, that hash is still floating around out there. I'd take advantage of the edit period and remove that from your comment; it's just not cool. The OP should definitely change the root password on the box regardless.

Well, one easy way to increase security would be for this to stop running as root.

Please, don't ever run your application code as root. Less so when it's facing the Internet.

No problem, I think I could fix it.

Can you show us how you read the content of the file? Just want to learn more.

If it's a server used for other things, definitely a sandbox. gcc's not exactly security hardened. Best one (novel solution, though the code's old and shit) I've come across: https://pts-mini-gpl.googlecode.com/svn/trunk/uevalrun/doc/u...

I have now used the wrapper by gcc-explorer https://github.com/mattgodbolt/gcc-explorer/blob/master/c-pr...