You don't filter out CPP macros. I would skip that and only allow C code. Or run this thing in a proper jail because at the moment:
- doing an include #include "/dev/random" will block the thread.
- including "/etc/passwd" is also possible although I don't see a direct way to turn this into password disclosure.
Seriously; even if it's a weekend project, letting people run all kinds of potentially bad code on your machine is never a good idea. Even though you don't run the binaries yourself there are so many ways to mess around with a compiler. You just don't know what's going to happen.
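One way to implement the "only allow C code" option from the comment above, as an added example that is not part of the thread or the project's code: a pre-compile check that lists every line the preprocessor would treat as a directive, including digraph, trigraph, spliced and comment-prefixed spellings. The function names and sample submissions are constructed for illustration, and the check is meant to sit in front of a jailed compiler, not to replace the jail.

```python
import re

# Trigraphs that translation phase 1 rewrites when the compiler enables them.
TRIGRAPHS = {"??=": "#", "??/": "\\", "??'": "^", "??(": "[", "??)": "]",
             "??!": "|", "??<": "{", "??>": "}", "??-": "~"}

# Comments and string/char literals are matched in one pass, so a "/*" inside
# a string literal is not mistaken for the start of a comment.
_TOKEN = re.compile(r'''
    (?P<comment> /\*.*?\*/ | //[^\n]* )
  | (?P<literal> "(?:\\.|[^"\\\n])*" | '(?:\\.|[^'\\\n])*' )
''', re.S | re.X)


def _directive_lines(text: str) -> set[str]:
    text = re.sub(r"\\\r?\n", "", text)  # phase 2: splice continued lines
    # Phase 3: each comment becomes one space; literals are kept unchanged.
    text = _TOKEN.sub(lambda m: " " if m.group("comment") else m.group(), text)
    # A directive is a line whose first token is "#" or its digraph "%:".
    return {line.strip() for line in text.splitlines()
            if line.lstrip().startswith(("#", "%:"))}


def find_directives(source: str) -> list[str]:
    """Lines the preprocessor would treat as directives; empty means none."""
    # Trigraph handling depends on compiler flags, so check both readings.
    with_trigraphs = re.sub(r"\?\?[=/'()!<>-]",
                            lambda m: TRIGRAPHS[m.group()], source)
    return sorted(_directive_lines(source) | _directive_lines(with_trigraphs))


# Constructed submissions, using the two paths named in the comment above.
SAMPLES = {
    "plain": '#include "/dev/random"\nint main(void) { return 0; }\n',
    "trigraph": '??=include "/etc/passwd"\n',
    "after comment": '/* x */ %:include "/etc/passwd"\n',
    "spliced": '#inc\\\nlude "/etc/passwd"\n',
    "clean": 'int main(void) { return 0; }\n',
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        hits = find_directives(src)
        print(f"{name:14} {'REJECT' if hits else 'accept'} {hits}")
```

A submission is rejected whenever the returned list is non-empty; the checker fails closed on an unterminated comment because the text after it is still scanned.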
Saying "you can read /etc/shadow by doing X, Y, and Z" is okay -- it's a permanent record there was a flaw. Saying "here's your root password hash" is not ok; even once the flaw is fixed, that hash is still floating around out there. I'd take advantage of the edit period and remove that from your comment; it's just not cool. The OP should definitely change the root password on the box regardless.