Security Issue: You allow access to some files you shouldn't


<Below this line, add a link to the EXACT exercise that you are stuck at. The query string (? and beyond) may be truncated.>
<In what way does your code behave incorrectly? Include ALL error messages.>
It shows important info.
Im sorry I have to report it here. I checked the site, there isn’t a contact info.
<What do you expect to happen instead?>
Permission denied.


my_file = open("/proc/version",“r”)

<do not remove the three backticks above>

yes, it does show important info of a sandbox. Hm… I will look into it. I am not sure how this information will help you to escape the sand box. And you never eliminate the risk of revealing information, nmap also offers OS detection. Nothing to do about it.

1 Like

Allow access only to the /home/run* user. Security first, right?
Should be pretty straightfoward to do that, as I see from that you use a VM for every user in codeacademy, and each one have it’s own user in the VM.
Nmap offers OS detection but it’s easly circunvented. This could be a problem with one or more flaws…

No, codecademy gives you more access, so you can actually do a lot in the console, but it is properly sandboxed. The codecademy is build from the ground up with security in mind, given you want to be able to code on your site.

Point is, you are not the first the indicate a security flaw, but each time we looked into it, the result was nothing. There was no way anything could be done with the information gained.

Good that you bring it to our attention, we will look into it, but i would be surprised if it yields anything. Also, you could import os, and list everything in the proc directory

1 Like

Well, that’s good! Keep up the good work. I’m sure that you can handle it!

1 Like