You're not the only one!

I've had to put a variety of "anti-hacker" features into the public instance, even though it runs on a (somewhat) throwaway EC2 instance.

Check out the source, and the LDPRELOAD stuff I do to try and make the compilers vaguely secure...!

But did you secure it against endless parser loops? At least older g++ versions have a problem with this:

    template<class T> struct Loop { Loop<T*> operator->(); };
    Loop<int> i, j = i->hooray;

And on older gcc versions this eats a gig RAM and a takes couple of hours:

    struct a{typedef int foo;};struct a1:a{};struct a2:a{};
    #define X(b,a) struct a##1:b##1,b##2{};struct a##2:b##1,b##2{};
    X(a,b)X(b,c)X(c,d)X(d,e)X(e,f)X(f,g)X(g,h)X(h,i)X(i,j)X(j,k)X(k,l)
    X(l,m)X(m,n) n1::foo main(){}

From slide 11 and 12 of this presentation: http://www.fefe.de/c++/c%2B%2B-talk.pdf

I've done my best to protect against these too with both babysitting process timeouts and as a last line of defense, ulimit "limits".

Thanks for sharing those utterly evil examples though! :D