Comment by MobiusHorizons

Comment by MobiusHorizons 15 hours ago

5 replies

View on Hacker News

This is generally the purpose of JavaScript execution environments like v8 or jsc (or quickjs although I understand not trusting that as a sandbox to the same degree). They are specifically intended for executing untrusted scripts (eg web browsers). Web assembly’s sandboxing comes from js sandboxing, since it was originally a feature of the same programs for the same reasons. Wrapping one sandbox in another is what I’m surprised by.

simonw 15 hours ago

Running v8 itself as a sandbox is non-trivial, at least embedded in a Python or Node.js or similar application.

The web is littered with libraries that half do that and then have a note in the README that says "do not rely on this as a secure sandbox".

Reply View 4 replies
  • MobiusHorizons 14 hours ago

    Is it though? I have not personally used these libraries, but a cursory google search reveals several options: - cloudflare/STPyV8: [0] From cloudflare, intended for executing untrusted code. - Pythonmonkey: [1] Embeds spidermonkey. Not clearly security focused, but sandboxing untrusted code is literally the point of browser js engines.

    It's a little less clear how you would do this from node, but the v8 embedding instructions should work https://v8.dev/docs/embed even if nodejs is already a copy of v8.

    [0]: https://github.com/cloudflare/stpyv8 [1]: https://docs.pythonmonkey.io

    Reply View 3 replies
    • simonw 13 hours ago

      ... whoa, I don't know how I missed it but I hadn't seen STPyV8 before.

      I'd seen PyV8 and ruled it out as very unmaintained.

      One of my requirements for a sandbox is that it needs to me maintained by a team of professionals who are running a multi-million dollar business on it. Cloudflare certainly count! I wonder what they use STPyV8 for themselves?

      ... on closer inspection it doesn't seem to have the feature I care most about: the ability to constrain memory usage (see comment here https://github.com/cloudflare/stpyv8/blob/57e881c7fbe178c598...) - and there's no built-in support for time limits either, you have to cancel tasks from a separate thread: https://github.com/cloudflare/stpyv8/issues/112

      PythonMonkey looks promising too: the documentation says "MVP as of September 2024" so clearly it's intended to be stable for production use at this point.

      Reply View 2 replies
      • MobiusHorizons 7 hours ago

        I’m sure you are aware the sandbox that requires maintaining is v8 itself. Of course there are ways for the wrapper to break the sandbox by providing too much in thr global context, but short of that, which the application code could easily do as well, I don’t see why a wrapper should require significant resources to maintain beyond consuming regular updates from upstream. Is there some other reason you hold such a high bar for what is basically just python glue code for the underlying v8 embed api?

        Reply View 1 reply
        • simonw 6 hours ago

          None of those v8 solutions provide what I need:

          1. The ability to restrict the amount of memory that the sandboxed code can use

          2. The ability to set a reliable time limit on execution after which the code will be terminated

          My third requirement is that a company with real money on the line and a professional security team is actively maintaining the library. I don't want to be the first person to find out about any exploits!

          Reply View 0 replies