I've spent more than a few hours humbling myself on the ACM ICPC's problem set archive, and I've wondered how the online judge is able to compile and run source code from any user and prevent malicious attacks to their system.
Are the compiled binaries run from some kind of limited sandbox? How would one go about setting up this kind of sandbox? What OS would you use? How would you launch a user's compiled executable?