Evalbot

Evalbot is an IRC bot that will safely evaluate arbitrary bash commands. You can try it out yourself on Freenode. It's mainly used for educational purposes in #bash, where it can evaluate self-contained examples. Here is a sample conversation:

10:12 <@koala_man> # ls -l / | tail -n 3
10:12 < evalbot> koala_man: dr-xr-xr-x 24 root root 0 Jan 9 22:25 proc
10:12 < evalbot> koala_man: drwxr-xr-x 2 root root 0 Feb 7 09:12 root
10:12 < evalbot> koala_man: drwxrwxrwt 2 root root 0 Jan 9 22:25 tmp
10:14 <@koala_man> # f() { (( $1 <= 1 )) && echo 1 || echo $(( $(f $(($1-1))) + $(f $(($1-2))) )); }; f 8
10:14 < evalbot> koala_man: 34
10:16 <@koala_man> # sed streetlight <<< reeter
10:16 < evalbot> koala_man: lighter
10:17 <@koala_man> # date; uname -a
10:17 < evalbot> koala_man: Sat Feb 7 09:17:22 UTC 2009
10:17 < evalbot> koala_man: Linux bunnies 2.6.27.6 #9 Sat Nov 15 16:44:53 CET 2008 i686 Pentium II (Klamath) GenuineIntel GNU/Linux

But what happens if I ...

There is an ongoing competition in #evalbot on Freenode: Break evalbot (currently shbot) and win a pony. All the things you are currently thinking of have been tried.

How it works

Evalbot relies on QEMU. QEMU is set up with a small kernel and an initramfs containing all the desired executables, as well as a serial terminal linked to QEMU's stdin/stdout. Initially, QEMU is booted and its state is saved. For each evaluated command, this state is loaded (giving a usable shell in less than one second), the command is fed on stdin and the output is read from stdout. This, of course, means that all changes are transient and won't show up in the next evaluated command. A timeout of four seconds ensures that it's not easily DoSable. There are also a few smaller hacks for details such as the time of day, which would otherwise be stuck at the moment the state was saved.
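The per-command lifecycle described above, sketched as an added example (this is not evalbot's or shbot's own code): every command gets a brand-new sandbox process, one line on stdin, a hard deadline, and an unconditional kill afterwards. The names `evaluate` and `sandbox_argv` and the output cap are assumptions made for illustration; in the real design `sandbox_argv` would be the QEMU invocation that restores the saved state, whereas a plain `sh` stand-in exercises the harness but isolates nothing.

```python
import contextlib
import os
import select
import signal
import subprocess
import time

TIMEOUT_SECONDS = 4      # the four-second limit described on the page
MAX_OUTPUT_BYTES = 4096  # assumption: an output cap, not mentioned on the page


def evaluate(command, sandbox_argv, timeout=TIMEOUT_SECONDS, max_bytes=MAX_OUTPUT_BYTES):
    """Run one command in a fresh sandbox; return (output, reason)."""
    # sandbox_argv is hypothetical: for evalbot's design it would be the QEMU
    # command line that loads the saved state with the guest shell on stdio.
    proc = subprocess.Popen(
        sandbox_argv,
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,
        start_new_session=True,  # own process group, so the whole tree can be killed
    )
    deadline = time.monotonic() + timeout
    out, reason = b"", "exited"
    try:
        with contextlib.suppress(BrokenPipeError):  # sandbox died before reading
            proc.stdin.write(command.encode() + b"\n")
            proc.stdin.close()  # EOF after one command: nothing more can be fed in
        fd = proc.stdout.fileno()
        while True:
            remaining = deadline - time.monotonic()
            if len(out) >= max_bytes:
                reason = "output-limit"
                break
            if remaining <= 0 or not select.select([fd], [], [], remaining)[0]:
                reason = "timeout"
                break
            chunk = os.read(fd, max_bytes - len(out))
            if not chunk:  # EOF: the sandbox closed its output
                break
            out += chunk
    finally:
        with contextlib.suppress(ProcessLookupError):
            os.killpg(proc.pid, signal.SIGKILL)  # a sandbox is never reused
        proc.wait()
        proc.stdout.close()
    return out.decode(errors="replace"), reason
```

Reading with a byte cap instead of buffering everything matters as much as the deadline: a command that prints in a loop can produce a very large amount of output within four seconds.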

Download

#bash's current shell evaluator is geirha's shbot, an improved and extended fork. Consider using that instead.

The original evalbot can be downloaded here (8MB). It includes everything needed to run, including a kernel and binaries scavenged from an old Gentoo system (both can be easily replaced). Being a weekend hack, it's not exactly polished, but only minor tweaks should be necessary.

Version history

Note

If using PaX, "paxctl -c /usr/bin/qemu*; paxctl -pemrxs /usr/bin/qemu*;" should allow QEMU to run.
