I’d like to provide end-user scripting (that would run server-side) in an application. I’ve been reading around, and found that sandboxing is much more of a problem than I thought.
I don’t really care what the language is. Lua, Python, JavaScript, I’m fine with anything readable.
How hard is it to run a function in an untrusted script, passing in some information and obtaining some more? I’ve read JVM Security Manager is a no-go and that Python is nearly unsandboxable, but I have very little knowledge on the topic and can’t really judge the sources.
How can I, for example, interpret a function in JS that takes a JSON (from, say, Java, or Python, or even node.js), and get back the returned JSON?
I’d like to avoid implementing a pythonish i-just-know-it-will-suck language interpreter myself.
Lua has good sandboxing capabilities and is clean and simple.
It has the setfenv() function that can run code in a specific environment. The untrusted code can only access what is in the specific environment.
For C functions, such as string.rep, you can prevent memory over-consumption by replacing them with Lua functions or providing a custom memory allocator to lua_newstate.
Also, if you decide that you wish to use Lua for trusted code and have it interface with untrusted code, you can use coroutines and debug.sethook to control CPU usage.
The Lua Wiki has a simple example sandbox.
The source code of the lua live demo might be of interest, too.
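The pieces mentioned in the answer (a setfenv environment, a replaced string.rep, a coroutine with a debug.sethook budget) put together, as an added example that is not from the answer or the Lua Wiki. It assumes Lua 5.1; the names run_untrusted, make_env and MAX_REP and the limits are my own choices.

```lua
-- Lua 5.1 sandbox: setfenv() whitelist + debug.sethook() instruction budget, run in a
-- coroutine. In Lua 5.2+ replace loadstring/setfenv with load(src, name, "t", env).
-- Real memory limits need a custom allocator passed to lua_newstate from C (not shown).

local MAX_REP = 1024 * 1024   -- assumed cap on string.rep output, in bytes
local raw_rep = string.rep
-- Replace the real string.rep, not just a copy: all strings share one metatable whose
-- __index is the real string table, so ("x"):rep(n) would bypass a copy placed in env.
string.rep = function(s, n)
  if #s * n > MAX_REP then error("string.rep: result too large") end
  return raw_rep(s, n)
end

-- Fresh environment per run: pure functions only. No io, os, require, loadstring, debug,
-- rawset/rawget, setmetatable, getfenv/setfenv, string.dump, collectgarbage. pcall is left
-- out too, because a script could use it to swallow the budget error raised by the hook.
local function make_env()
  local env = {
    assert = assert, error = error, ipairs = ipairs, pairs = pairs, next = next,
    select = select, tonumber = tonumber, tostring = tostring, type = type, unpack = unpack,
    math = { abs = math.abs, floor = math.floor, max = math.max, min = math.min },
    string = { sub = string.sub, len = string.len, upper = string.upper, lower = string.lower,
               format = string.format, find = string.find, rep = string.rep },
    table = { insert = table.insert, remove = table.remove, concat = table.concat, sort = table.sort },
  }
  env._G = env
  return env
end
-- Load untrusted source text, call the function it returns with `input`, and abort after
-- roughly max_instr VM instructions. Returns the result, or nil plus an error message.
local function run_untrusted(src, input, max_instr)
  if src:byte(1) == 27 then return nil, "bytecode not allowed" end  -- "\27Lua" header
  local chunk, err = loadstring(src, "=untrusted")
  if not chunk then return nil, err end
  setfenv(chunk, make_env())
  local co = coroutine.create(function() return chunk()(input) end)
  local executed = 0
  debug.sethook(co, function()
    executed = executed + 1000
    if executed > max_instr then error("instruction budget exceeded", 2) end
  end, "", 1000)  -- count hook: fires every 1000 instructions in this coroutine only
  local ok, result = coroutine.resume(co)
  if not ok then return nil, tostring(result) end
  return result
end
-- Constructed inputs standing in for decoded JSON.
print(run_untrusted("return function(t) return t.a + t.b end", { a = 2, b = 3 }, 1e6))
print(run_untrusted("return function() while true do end end", {}, 1e6))
print(run_untrusted("return function() return os.getenv('HOME') end", {}, 1e6))
```

The second call fails with the budget error and the third with an attempt to index the missing global os, which is the behaviour the whitelist is meant to produce.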