Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Whats State of the art for Code Sandboxing? (2024)
7 points by bnchrch 6 months ago | hide | past | favorite | 7 comments
Im curious about running User Submitted code in a way that

* Protects the host system

* Protects the host network

* Lets me constrain allowed URLs

* Lets me constrain run time resources

* Lets me accept more than one language easily.

At a quick glance it seems like theres a healthy balance of recommendations from nested virtualization (QEMU inside a locked down docker host) and WASM (this can imply many architectures).

So HN, if you were to create a sandbox system. What would you reach for?




I've some examples listed here, might be helpful: https://mogoz.geekodour.org/posts/20221101183016-virtualizat...


This is fantastic and exactly the type of information I was hunting for!

I particularly like the little benchmark you did on invocation time of native vs wasm vs firecracker vs docker.


This is probably not helpful, but, can you figure out the infra of https://godbolt.org/ and follow what they have done?


Much like "security," I think of "sandboxing" as "defense against what"? Because on one end of the spectrum is "system prints hello world, exits" and the other is emulated ... everything, virtual filesystem, virtual network, etc, as one might find in a capture the flag scenario

So, I guess the rest of the owl is: what, if you had a magic wand, would you use such a system to run user submitted code to do?


Its integration code, for third party services. Both read and write.

So by nature you need to access the internet, but not the local network, and you need some file system access, but not much.

We also pay for cpu cycles, so preventing bitcoin mining is another one.

Basically do anything, but access our internal services, siphon out data in transit, mine bitcoin.

(Also before people say sandboxing wont solve all of this. I know. :P )


All browsers offer this sandbox as default use the web


Unfortunately, in my case (and im sure many others), this code runs server side. Long running jobs, cpu intensive, etc.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: