Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Untrusted code sandboxing and IoSandbox serialization #353

Open
void4 opened this issue May 1, 2017 · 5 comments
Open

Untrusted code sandboxing and IoSandbox serialization #353

void4 opened this issue May 1, 2017 · 5 comments

Comments

@void4
Copy link

void4 commented May 1, 2017

I'm looking for a language with the following two properties:

  • untrusted code can be sandboxed and executed within the same process, while restricting both runtime and access to resources (stack frame, network, filesystem)
  • the sandbox can be suspended and serialized, stored in memory and sent over the network, then resumed again

As far as I understand this is not yet possible with iolanguage, but would this be feasible to implement?

@stevedekorte
Copy link
Member

You can do to the former but not the later with Io. That's a feature I'd definitely like in a future version.

@stevedekorte
Copy link
Member

Btw, I'd be interested to know what solution you find. The only persist-able state languages I know of are LISP and Smalltalk (and of course there are significant limits on what can be persisted).

@acook
Copy link

acook commented May 3, 2017

This is a set of features I'm also interested in.

I'm working on a high level VM which is intended to do exactly the above. Most of the internals are directly exposed and can be operated on programmatically and the program stacks (it's a sort of half-cactus-stack currently) can be serialized or manipulated like any other data structure. I haven't developed the network stack yet, or make any claims of stability (the tests pass though). I've currently implemented this on top of Go and I'm to move it to Rust or LLVM-IM directly.

It should be possible to implement a DSL on top of Io to do something similar, but it would likely end up being a sort of sexp or AST evaluator. This isn't a bad thing but might be awkward to use and I'm not sure what the performance characteristics would be, so language-native support would be a huge win for Io IMHO.

@void4
Copy link
Author

void4 commented May 4, 2017

@acook

I've had a look at https://github.com/acook/blacklight - is this what you refer to?

The construct that started my search was Stackless Pythons' tasklets:
http://stackless.readthedocs.io/en/2.7-slp/library/stackless/pickling.html
Unfortunately, there isn't a way to sandbox tasklets securely, without using another process.

More here: void4/notes#5

I love the idea of tasklets jumping around in networks, so these three language properties are of special interest to me:

  • IO interface specs
  • memory management
  • instruction metering

@acook
Copy link

acook commented May 6, 2017

@void4 Yes, that repo is my POC for the VM. It's intended as a target for higher level languages.

Sandboxing and "pickling" is a small part of the larger system I am working on, but essential for decentralized computing at scale. I started working on a very primitive version of this decentralized computing idea around 2009 or so, in late 2015 I started the blacklight POC and in 2016 after the company where I was director of engineering was purchased I took a year off work to focus on research. This larger concept (of which blacklight is just one aspect) has been a long-time passion project for me.

Looking at your notes, it seems you and I have a lot of similar goals. I don't want to distract from Io, but if you would like we can continue the conversation elsewhere, my email is on GitHub and there's a Gitter channel on the blacklight repo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants