Existence of Bash terminals in Codecademy courses

I have taken a few Codecademy courses, and have noticed that some of them provide an opportunity to use a bash terminal. Curious, I decided to look through this terminal, to see if it was an actual UNIX system that my code files were running on. Upon going to the highest directory, I encountered this:
image
Upon looking through the directories in this system, I found many things:
The directory where code that you create using the GUI interface is stored can be found at /home/ccuser/workspace.
I get the feeling that this is an actual UNIX system that I am able to access, as directories like /usr/games actually contains command programs that are found on UNIX systems, but have no use for Codecademy lessons (cowsay, for example).

Upon attempting to alter some of the contents of the various “hidden” directories, it seems that I do not have editing access.

My Question:
Does anyone know more about these Codecademy bash terminals? Are they actual computers or are they just really well coded replicas?

Thanks,
Tiger_The_Cat

All the sites that allow users to execute code (for example codecademy.com, repl.it, codewars.com, qualified.io) use virtualization to create virtual environments for the code execution.

Environments have to be isolated and have to be limited - we don’t want users to play with other users’ codebases, or worse - with our infrastructure, right? So containers and virtual machines are being used.

For example, qualified.io has a Docker registry with an image for each language they support, you can find the images here → Docker Hub. So whenever they have to run the code that was submitted by the user:

  1. they pick the right image;
  2. they create a container based on this image;
  3. they run some preprocessing tasks;
  4. they copy the code files into the container;
  5. they execute the script;
  6. they gather the output from the script itself and the defined tests;
  7. they kill the container.

Here → GitHub - remoteinterview/compilebox: Compile and run user-submitted code in a docker based sandbox. you can find the repository of the code runner that was used by the remoteinterview.io project. This repository should be archived by now, it’s not maintained. And this claim:

The system will test the code in an isolated environment. This way you do not have to worry about untrusted code possibly damaging your server intentionally or unintentionally.

is simply misleading. You should always be wary when you execute untrusted code. There is always a possibility of finding an escape from the virtualization, and giving the user access to the host machine is the worst-case scenario.

Nonetheless, it shows how the code runners operate, so it might be a righ resource for you.

Another example of a similar service (with exactly the same caveat) → GitHub - StepicOrg/epicbox: Run untrusted code in secure Docker based sandboxes.

So, is that a real system? Yes. But with a few layers of virtualization, isolation, and other security layers.

To learn more about containers and their use with the untrusted code I would suggest searching using these keywords:

  • Docker;
  • LXC;
  • Kata containers;
  • virtualization;
  • isolation;
  • sandboxed containers.
8 Likes

Hello!

I wanted to thank you for such a great answer. I learned so much about containers, virtualization, and isolation. Informative and detailed answers like these are what makes the Codecademy forum so great.

Thank you for going out of your way to teach me (and others) something new!

Have a great day!
Tiger_The_Cat

1 Like