OLD | NEW |
1 Design | 1 Design |
2 ====== | 2 ====== |
3 | 3 |
4 | 4 |
5 Overview | 5 Overview |
6 -------- | 6 -------- |
7 Allows trying out Skia code in the browser. | 7 Allows trying out Skia code in the browser. |
8 | 8 |
9 | 9 |
10 Security | 10 Security |
11 -------- | 11 -------- |
| 12 |
12 We're putting a C++ compiler on the web, and promising to run the results of | 13 We're putting a C++ compiler on the web, and promising to run the results of |
13 user submitted code, so security is a large concern. Security is handled in a | 14 user submitted code, so security is a large concern. Security is handled in a |
14 layered approach, using a combination of seccomp-bpf, chroot jail and rlimits. | 15 layered approach, using a combination of seccomp-bpf, chroot jail and rlimits. |
15 | 16 |
16 *seccomp-bpf* - Used to limit the types of system calls that the user code can | 17 *seccomp-bpf* - Used to limit the types of system calls that the user code can |
17 make. Any attempts to make a system call that isn't allowed causes the | 18 make. Any attempts to make a system call that isn't allowed causes the |
18 application to terminate immediately. | 19 application to terminate immediately. |
19 | 20 |
20 *chroot jail* - The code is run in a chroot jail, making the rest of the | 21 *chroot jail* - The code is run in a chroot jail, making the rest of the |
21 operating system files unreachable from the running code. | 22 operating system files unreachable from the running code. |
22 | 23 |
23 *rlimits* - Used to limit the resources the running code can get access to, | 24 *rlimits* - Used to limit the resources the running code can get access to, |
24 for example runtime is limited to 5s of CPU. | 25 for example runtime is limited to 5s of CPU. |
25 | 26 |
26 User submitted code is also restricted in the following ways: | 27 User submitted code is also restricted in the following ways: |
27 * Limited to 10K of code total. | 28 * Limited to 10K of code total. |
28 * No preprocessor use is allowed (no lines can begin with #includes). | 29 * No preprocessor use is allowed (no lines can begin with #includes). |
29 | 30 |
30 | 31 |
31 Architecture | 32 Architecture |
32 ------------ | 33 ------------ |
33 | 34 |
| 35 |
34 The server runs on GCE, and consists of a Go Web Server that calls out to the | 36 The server runs on GCE, and consists of a Go Web Server that calls out to the |
35 c++ compiler and executes code in a chroot jail. See the diagram below: | 37 c++ compiler and executes code in a chroot jail. See the diagram below: |
36 | 38 |
37 | 39 |
38 +–––––––––––––+ | 40 +–––––––––––––+ |
39 | | | 41 | | |
40 | Browser | | 42 | Browser | |
41 | | | 43 | | |
42 +––––––+––––––+ | 44 +––––––+––––––+ |
43 | | 45 | |
(...skipping 63 matching lines...)
107 exit_group | 109 exit_group |
108 exit | 110 exit |
109 fstat | 111 fstat |
110 read | 112 read |
111 write | 113 write |
112 close | 114 close |
113 mmap | 115 mmap |
114 munmap | 116 munmap |
115 brk | 117 brk |
116 | 118 |
| 119 Database |
| 120 -------- |
| 121 |
| 122 Code submitted is stored in an SQL database so that it can be referenced |
| 123 later, i.e. we can let users bookmark their SkFiddles. |
| 124 |
| 125 The storage layer will be Cloud SQL (a cloud version of MySQL). Back of the |
| 126 envelope estimates of traffic come out to a price of a about $1/month. |
| 127 |
| 128 All passwords for MySQL are stored in valentine. |
| 129 |
| 130 To connect to the database from the skia-webtry-b server: |
| 131 |
| 132 $ mysql --host=173.194.83.52 --user=root --password |
| 133 |
| 134 Initial setup of the database, the user, and the only table: |
| 135 |
| 136 CREATE DATABASE webtry; |
| 137 USE webtry; |
| 138 CREATE USER 'webtry'@'%' IDENTIFIED BY '<password is in valentine>'; |
| 139 GRANT SELECT, INSERT, UPDATE ON webtry.webtry TO 'webtry'@'%'; |
| 140 |
| 141 CREATE TABLE webtry ( |
| 142 code TEXT DEFAULT '' NOT NULL, |
| 143 create_ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL, |
| 144 hash CHAR(64) DEFAULT '' NOT NULL, |
| 145 PRIMARY KEY(hash) |
| 146 ); |
| 147 |
| 148 Common queries webtry.go will use: |
| 149 |
| 150 INSERT INTO webtry (code, hash) VALUES('int i = 0;...', 'abcdef...'); |
| 151 |
| 152 SELECT code, create_ts, hash FROM webtry WHERE hash='abcdef...'; |
| 153 |
| 154 SELECT code, create_ts, hash FROM webtry ORDER BY create_ts DESC LIMIT 2; |
| 155 |
| 156 // To change the password for the webtry sql client: |
| 157 SET PASSWORD for 'webtry'@'%' = PASSWORD('<password is in valentine>'); |
| 158 |
| 159 // Run before and after to confirm the password changed: |
| 160 SELECT Host, User, Password FROM mysql.user; |
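Review bot: the GRANT statement in the setup block gives 'webtry'@'%' UPDATE on webtry.webtry, yet none of the common queries listed for webtry.go updates rows (they are INSERT and SELECT only), so UPDATE should be dropped, and the '%' host wildcard should be narrowed to the address of skia-webtry-b, the only client, so that a leaked password is not usable from anywhere. In the same region: the INSERT example embeds user-submitted code as a string literal, so the doc should say that webtry.go binds code and hash as query parameters rather than building the statement by string concatenation; and since hash is the PRIMARY KEY, a second submission of identical code will fail the INSERT with a duplicate-key error, which webtry.go needs to treat as success (or use INSERT IGNORE). Minor: "a about $1/month" in the traffic estimate.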
| 161 |
| 162 Password for the database will be stored in the metadata instance, if the |
| 163 metadata server can't be found, i.e. running locally, then data will not be |
| 164 stored. To see the current password stored in metadata and the fingerprint: |
| 165 |
| 166 gcutil --project=google.com:skia-buildbots getinstance skia-webtry-b |
| 167 |
| 168 To set the mysql password that webtry is to use: |
| 169 |
| 170 gcutil --project=google.com:skia-buildbots setinstancemetadata skia-webtr
y-b --metadata=password:'[mysql client webtry password]' --fingerprint=[some fin
gerprint] |
| 171 |
| 172 To retrieve the password from the running instance just GET the right URL from |
| 173 the metadata server: |
| 174 |
| 175 curl "http://metadata/computeMetadata/v1/instance/attributes/password" -H "X
-Google-Metadata-Request: True" |
| 176 |
| 177 N.B. If you need to change the MySQL password that webtry uses, you must change |
| 178 it both in MySQL and the value stored in the metadata server. |
| 179 |
117 Installation | 180 Installation |
118 ------------ | 181 ------------ |
119 See the README file. | 182 See the README file. |
120 | 183 |
121 | 184 |
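Review bot: the gcutil setinstancemetadata example puts the webtry MySQL password on the command line, where it lands in shell history and is visible to other local users in the process list while gcutil runs; the doc should have the operator read it from a file or a prompt rather than typing it inline. The same section shows that the password is retrievable with a single unauthenticated curl to the metadata server, which any process on the instance with network access can reach, so the document should state explicitly that the seccomp-bpf allowlist denies socket-related system calls to the sandboxed user code (none appear in the visible tail of the list); that filter is what keeps a fiddle from fetching the password itself.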