xcatliu
2016-01-23 23:43:29 +08:00
Hi,
First, thanks for reporting to us and deleting the github repo. We do appreciate that you took the time to report to us and to take some possible security holes offline so evil minds won't take advantage of this to do something possibly malicious.
I do realize that you are able to run shell commands, and this is perfectly okay. You can even run `cat /etc/passwd` and that's allowed. The reason is everything is run inside a sandbox which would not affect the host system. However, I do prefer not to show the internal workings of how the user code is run as shown in the `ps aux` command, which may tell the user more than he/she needs to know.