Safe vs Unsafe
I understand that there is no such thing as completely safe. Even opening a webpage can be regarded as unsafe. I simply want to find a relatively secure way of compiling and running untrusted code. Hence, I wish to know if Docker is suitable for this and if I need to use any further hardening techniques.
Being an educational site, the type of hackers expected is probably those who just want to cause damage for the sake of damage.
As the untrusted code is run on a separate server within a Docker, even if the user somehow gets out of the Docker, it will only be able to get access to that server. Considering there is nothing else on that server, the only damage they should be able to do is affecting the running and compiling aspect of the application.
From your answer it seems that you're saying Docker may be suitable provided I run the container as non-root, don't expose the host directly and update regularly. There is still a risk, however (however, I assume there will of course be some risks for a task such as this).
Am I correct in this understanding?
Also, are there any further suggestions on how I can achieve my goal in the most secure manner possible?
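
The precautions summarised in this post (non-root user, no direct host exposure) written out as `docker run` flags, with a small check for command lines that lack them. This is an added example, not part of the original post: the image name `sandbox-gcc:example`, the limits and the `/src` and `/work` paths are assumptions, and the flags beyond non-root (no network, dropped capabilities, read-only root filesystem, resource limits) are standard Docker options the post itself does not list.

```shell
#!/bin/sh
# Added example. Image name, limits and container paths are assumptions.

# Run one submission in a throwaway, locked-down container.
# $1 = host directory holding the submission; remaining args = command to run.
# Set DOCKER=echo to print the command line instead of executing it.
run_untrusted() {
    src=$1; shift
    "${DOCKER:-docker}" run --rm \
        --user 65534:65534 \
        --network none \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --read-only \
        --tmpfs /work:rw,exec,nosuid,nodev,size=64m \
        --pids-limit 64 --memory 256m --cpus 0.5 \
        -v "$src":/src:ro -w /work \
        "${SANDBOX_IMAGE:-sandbox-gcc:example}" "$@"
}

# Print what a "docker run" command line (passed as one string) is missing,
# one item per line; prints nothing when every check passes.
# Only the space-separated flag form is recognised (not --flag=value).
missing_hardening() {
    for flag in "--user" "--network none" "--cap-drop ALL" \
                "no-new-privileges" "--read-only" "--pids-limit" "--memory"; do
        case " $1 " in
            *" $flag"*) ;;
            *) echo "$flag" ;;
        esac
    done
    # Options that hand the container direct access to the host.
    case " $1 " in
        *" --privileged"*|*docker.sock*) echo "host-exposed" ;;
    esac
}
```

The submission directory is mounted read-only and the only writable location is a size-capped tmpfs, so nothing the code writes survives the container.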