Untrusted code sandboxing and IoSandbox serialization

[void4]

I'm looking for a language with the following two properties:

• untrusted code can be sandboxed and executed within the same process, while restricting both runtime and access to resources (stack frame, network, filesystem)
• the sandbox can be suspended and serialized, stored in memory and sent over the network, then resumed again

As far as I understand this is not yet possible with iolanguage, but would this be feasible to implement?

[stevedekorte]

You can do to the former but not the later with Io. That's a feature I'd definitely like in a future version.

[stevedekorte]

Btw, I'd be interested to know what solution you find. The only persist-able state languages I know of are LISP and Smalltalk (and of course there are significant limits on what can be persisted).

[acook]

This is a set of features I'm also interested in.

I'm working on a high level VM which is intended to do exactly the above. Most of the internals are directly exposed and can be operated on programmatically and the program stacks (it's a sort of half-cactus-stack currently) can be serialized or manipulated like any other data structure. I haven't developed the network stack yet, or make any claims of stability (the tests pass though). I've currently implemented this on top of Go and I'm to move it to Rust or LLVM-IM directly.

It should be possible to implement a DSL on top of Io to do something similar, but it would likely end up being a sort of sexp or AST evaluator. This isn't a bad thing but might be awkward to use and I'm not sure what the performance characteristics would be, so language-native support would be a huge win for Io IMHO.

[void4]

@acook

I've had a look at https://github.com/acook/blacklight - is this what you refer to?

The construct that started my search was Stackless Pythons' tasklets:
http://stackless.readthedocs.io/en/2.7-slp/library/stackless/pickling.html
Unfortunately, there isn't a way to sandbox tasklets securely, without using another process.

More here: void4/notes#5

I love the idea of tasklets jumping around in networks, so these three language properties are of special interest to me:

• IO interface specs
• memory management
• instruction metering

[acook]

@void4 Yes, that repo is my POC for the VM. It's intended as a target for higher level languages.

Sandboxing and "pickling" is a small part of the larger system I am working on, but essential for decentralized computing at scale. I started working on a very primitive version of this decentralized computing idea around 2009 or so, in late 2015 I started the blacklight POC and in 2016 after the company where I was director of engineering was purchased I took a year off work to focus on research. This larger concept (of which blacklight is just one aspect) has been a long-time passion project for me.

Looking at your notes, it seems you and I have a lot of similar goals. I don't want to distract from Io, but if you would like we can continue the conversation elsewhere, my email is on GitHub and there's a Gitter channel on the blacklight repo.