Hanno BΓΆck, author of the project
For example, substituting in one of the online services in the code "#include Β» at the output, it was possible to obtain a hash of the root user password from the /etc/shadow file, which also indicates that the web service is running as root and runs compilation commands under the root user (it is possible that an isolated container was used during compilation, but running with root permissions in the container is also a problem). The problematic service, in which it was possible to reproduce the problem, is not advertised yet. Attempts to open files in the pseudo FS /proc failed because GCC treats them as empty files, but opening files from /sys works.
Source: opennet.ru