Sandboxing / Executing of Untrusted Code #173
-
I'm currently using JavaScript as a scripting language for games, which is great because JS is well sandboxed, and can be used, similar to a browser web page, to run untrusted mods, without having to worry about somebody being able to take over your machine (unless of course you add JS bindings to the filesystem, etc.). I was curious if in the future, you would consider HVM useful in the same scenario, where you may not trust the code you are executing for mods. I know with such a brand-new project we can't necessarily expect rock-solid security yet, but I wanted to know if, in concept anyway, that should be reasonable in a fully mature HVM. This would also feel way more secure if we managed to pull off a proof of the HVM invariants (#120), of course, which could make it even better than JavaScript.
Replies: 1 comment 1 reply
-
In my understanding, this is just a matter of instantiating a clean-slate HVM runtime without any of the default IOs and just injecting the relevant rules for the script system, making sure they guarantee the sandboxing. And... coming to trust that the VM does not have a remote-code-execution-like vulnerability. Formalizing the HVM would indeed be a very strong step towards the latter.
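The reply above describes a capability-style design: start from a runtime that has no ambient IO at all, and have the host inject only the primitives a mod is allowed to use. The toy evaluator below is an added illustration of that pattern, not HVM code and not HVM's API; it is a small hypothetical S-expression interpreter whose primitive table starts empty, so a script can only reach what the host explicitly wires in (here arithmetic, plus an `emit` primitive that writes into a host-owned list). It also carries a step budget as a reminder that denial-of-service by resource exhaustion is a separate concern from escaping the sandbox.

```python
"""Toy capability-style sandbox: an S-expression evaluator with no built-in IO.
Constructed illustration only; it is not HVM and does not use HVM's API."""
from __future__ import annotations
from typing import Any, Callable, Dict, List, Union

Expr = Union[int, str, List["Expr"]]


class SandboxError(Exception):
    """Raised for any script behaviour the host has not explicitly allowed."""


def tokenize(src: str) -> List[str]:
    return src.replace("(", " ( ").replace(")", " ) ").split()


def parse(tokens: List[str]) -> Expr:
    """Recursive-descent parser for (op arg ...) lists, ints and symbols."""
    if not tokens:
        raise SandboxError("unexpected end of input")
    tok = tokens.pop(0)
    if tok == "(":
        items: List[Expr] = []
        while tokens and tokens[0] != ")":
            items.append(parse(tokens))
        if not tokens:
            raise SandboxError("missing ')'")
        tokens.pop(0)
        return items
    if tok == ")":
        raise SandboxError("unexpected ')'")
    try:
        return int(tok)
    except ValueError:
        return tok


class Runtime:
    """Clean-slate runtime: no filesystem, network or clock unless injected."""

    def __init__(self, max_steps: int = 10_000):
        self.prims: Dict[str, Callable[..., Any]] = {}  # starts empty on purpose
        self.max_steps = max_steps
        self.steps = 0

    def inject(self, name: str, fn: Callable[..., Any]) -> "Runtime":
        """The host grants one capability at a time; nothing else is reachable."""
        self.prims[name] = fn
        return self

    def run(self, src: str) -> Any:
        self.steps = 0
        tokens = tokenize(src)
        tree = parse(tokens)
        if tokens:
            raise SandboxError("trailing input")
        return self._eval(tree, {})

    def _eval(self, e: Expr, env: Dict[str, Any]) -> Any:
        self.steps += 1
        if self.steps > self.max_steps:
            raise SandboxError("step budget exhausted")  # resource limit, not isolation
        if isinstance(e, int):
            return e
        if isinstance(e, str):
            if e in env:
                return env[e]
            raise SandboxError(f"unbound variable {e!r}")
        if not e:
            raise SandboxError("empty application")
        head, *args = e
        if head == "let":  # (let name value body)
            if len(args) != 3 or not isinstance(args[0], str):
                raise SandboxError("malformed let")
            name, val, body = args
            return self._eval(body, {**env, name: self._eval(val, env)})
        if head == "if":  # (if cond then else)
            if len(args) != 3:
                raise SandboxError("malformed if")
            cond, then_e, else_e = args
            return self._eval(then_e if self._eval(cond, env) else else_e, env)
        if isinstance(head, str) and head in self.prims:
            return self.prims[head](*[self._eval(a, env) for a in args])
        # Anything not injected, e.g. a hypothetical read-file, is simply unknown.
        raise SandboxError(f"no such primitive {head!r}")


def make_mod_runtime(log: List[Any]) -> Runtime:
    """Host-side policy: pure arithmetic plus one host-controlled output channel."""
    return (Runtime()
            .inject("+", lambda a, b: a + b)
            .inject("*", lambda a, b: a * b)
            .inject("<", lambda a, b: int(a < b))
            .inject("emit", lambda v: (log.append(v), v)[1]))


def demo() -> Dict[str, Any]:
    """Runs one allowed script and one that asks for a capability never granted."""
    log: List[Any] = []
    rt = make_mod_runtime(log)
    result = rt.run("(let x 6 (emit (* x 7)))")
    try:
        rt.run("(read-file 0)")  # constructed attempt at IO the host never injected
        blocked = False
    except SandboxError:
        blocked = True
    return {"result": result, "log": log, "io_blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

The point to take from this is where the trust boundary sits: the script language has no way to name a capability the host did not inject, so the sandbox's strength reduces to (a) the correctness of the evaluator itself, which is exactly the "no RCE-like bug in the VM" concern the reply raises and what a formal proof of the runtime would address, and (b) the host being careful about what it injects, since a primitive that reaches the filesystem re-creates the JS-bindings problem from the original question.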