发现可以在 LeetCode 的机器上运行一些脚本

想了想， GitHub 被我删了，免得被大家玩坏了。。。

已经汇报给 LeetCode 官方

Hi,

First, thanks for reporting to us and deleting the github repo. We do appreciate that you take the time to report us and taking some possible security holes offline so evil minds won't take advantage of this to do something possibly malicious.

I do realize that you are able to run shell commands, and this is perfectly okay. You can even run `cat /etc/passwd` and that's allowed. The reason is everything is run inside a sandbox which would not affect the host system. However, I do prefer not to show the internal working of how the user code is run as shown in the `ps aux` command, which may tell something to the user more than he/she needs to know.

只能说 leetcode 应该是虚拟机运行的，有沙箱但沙箱限制的太松了

@xcatliu 能解释一下技术原理吗？

这样？

https://gist.github.com/dndx/de8f85588eccfef0795f

@virusdefender 是， LeetCode 不担心你能运行 shell 脚本，只是怕你了解运行模式之后，影响到了解题的思路

@mzer0 大部分语音都有执行 shell 命令的方法吧

@dndx 是，别滥用即可

http://pastebin.com/zUFepNWg 这个是……

leetcode 本身还有 shell 专区的，本身就不是漏洞吧……

@Delbert 我也是这么问 LeetCode 的。。

LeetCode 创始人似乎是能说中文的？