Hello, community,

I noticed that Apache APISIX supports serverless plugins for hot loading user's code, which is a very nice feature. However, Apache APISIX does not seem to limit the execution environment of this hot code, and there may be some risks. The hot code loaded by Lua and the framework code of the entire system run in the same context. If the hot-loaded code contains an operation that operates on the global environment, it will affect the function of the entire system. I wrote a simple example in the issue[1]. Worse yet, if a hacker uses malicious code, they could exploit this feature to attack the user's operating system.

So I think Apache APISIX can add a layer of protection when executing hot code, so that hot code can run in a sandbox. Here is an article[2] describing how to use sandboxing in Lua code to safely execute hot code; we can refer to it. I personally think setting a blacklist of safe functions is more appropriate. What is everyone's opinion? Is there a better way to achieve this? Welcome to discuss.

[1]: https://github.com/apache/apisix/issues/6729
[2]: http://lua-users.org/wiki/SandBoxes

--
Thanks,
Shirui Zhao
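
A sketch of the sandboxing approach from the lua-users article referenced above, added here as an illustration; it is not APISIX code and not part of the original message. The helper names `new_env` and `run_sandboxed`, the chunk name and the list of exposed functions are assumptions, and the environment is built from an explicit list of permitted functions.

```lua
-- Added example (not APISIX code): run hot-loaded Lua in a restricted environment.
-- Works on Lua 5.1/LuaJIT (setfenv) and Lua 5.2+ (load with an env argument).

-- Hypothetical allowlist; library tables are copied so a chunk cannot alter the real ones.
local function new_env()
  return {
    ipairs = ipairs, pairs = pairs, tostring = tostring, tonumber = tonumber,
    type = type, select = select, pcall = pcall, error = error,
    string = { format = string.format, sub = string.sub, len = string.len,
               upper = string.upper, lower = string.lower },
    table  = { insert = table.insert, remove = table.remove, concat = table.concat },
    math   = { floor = math.floor, max = math.max, min = math.min },
  }
end

-- Returns result on success, or nil plus an error message.
-- Not covered: CPU/memory limits, and string methods reached via the string metatable.
local function run_sandboxed(code, chunkname)
  if code:byte(1) == 27 then            -- ESC marks precompiled bytecode
    return nil, "precompiled bytecode rejected"
  end
  local env, fn, err = new_env(), nil, nil
  if setfenv then                       -- Lua 5.1 / LuaJIT
    fn, err = loadstring(code, chunkname)
    if fn then setfenv(fn, env) end
  else                                  -- Lua 5.2+
    fn, err = load(code, chunkname, "t", env)
  end
  if not fn then return nil, err end
  local ok, res = pcall(fn)
  if not ok then return nil, res end
  return res
end

-- Constructed chunk: global writes land in the sandbox table, not in _G.
local res, err = run_sandboxed([[
  tostring = nil            -- only changes the sandbox copy
  string.format = nil       -- env.string is a copy, not the real library
  return os == nil and io == nil and require == nil
]], "=hot_code")
assert(res == true and err == nil)
assert(type(tostring) == "function" and type(string.format) == "function")

-- Constructed chunk: a library that is not on the allowlist is simply absent.
local _, err2 = run_sandboxed([[ return os.getenv("HOME") ]], "=hot_code")
assert(err2 ~= nil)
print("sandbox held: " .. tostring(err2))
```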