Hi there!

You might want to check out Try Erlang (http://www.tryerlang.org/). That is, you can't check out the source code right now. However, according to the FAQ (http://www.tryerlang.org/faq) they "plan to release the whole project as Open Source very soon". I guess that nagging Roberto Aloi (who's the principal author) might speed that up ;)

Regarding sandbox security: I believe that it is possible to implement a sandbox thing that provides reasonable security, as long as your whitelist is restrictive enough. That is, one has to be pretty cautious regarding the whitelist policy, especially when it comes to functions that have the ability to construct new terms, like for instance `list_to_atom/1` or `binary_to_term/1,2`. The former makes it possible to fill up the Erlang VM's atom table, which makes it prone to DoS attacks. The latter has a "safe" mode (when being invoked with the `safe` option), though, but still allows creating function references, which can be exploited (see http://aloiroberto.wordpress.com/2010/10/14/how-they-tried-to-fool-tryerlang-org/).

Oh, I've used the term "reasonable security" above. I should explain (at least roughly) what I mean by that ;) For example, Try Erlang has existed (and been online) for several years now, and people haven't found anything exploitable, except for one time more than three years ago. Depending on your security needs, your knowledge of Erlang, your knowledge of the sandbox code, and other known facts as well as your general level of paranoia, this might be enough for you to trust it.

Klaus

On 10/16/2013 08:48 PM, Paul Davis wrote:
> There have been discussions on figuring out how to sandbox Erlang. The
> biggest thing on that front was that we'd want it to be a whitelist as
> opposed to a blacklist of modules and/or module/function pairs. The
> second is that with dynamic invocation it's not immediately apparent if
> that's entirely possible to do.
>
> On Wed, Oct 16, 2013 at 10:39 AM, Chris Keele <[email protected]> wrote:
>> Hey everyone! I'm trying to develop a sandbox for Elixir, and I wanted to
>> see how such a library might prove useful to the CouchDB dev community.
>>
>> My initial goal is just to be able to run a string of code in a predefined
>> environment with configurable modules disabled, returning all output. But
>> I'd like to design it for bigger things from the ground up, so I was
>> wondering what sorts of requirements you might have of a sandbox library if
>> you wanted to, say, implement a secure view processor.
>>
>> I've started a discussion thread here:
>> https://groups.google.com/forum/#!topic/elixir-lang-talk/wA1l74HCZmI, but
>> I'm particularly interested in your opinions!
>> --
>> Chris Keele
>>
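
The whitelist approach discussed in this thread, as an added example that is not part of the original messages and is not Try Erlang's or CouchDB's code: a static pass over the parsed expressions that rejects every call or function reference outside a whitelist and flags dynamic invocation it cannot resolve. The module name `sandbox_check`, the function `check/1`, the reason atoms and the whitelist contents are assumptions made for illustration; only call sites and `fun` references are inspected.

```erlang
%% Added illustration; not Try Erlang's or CouchDB's code.
-module(sandbox_check).
-export([check/1, demo/0]).

%% Hypothetical whitelist of {Module, Function, Arity}. list_to_atom/1 and
%% binary_to_term/1,2 are left out on purpose, as is erlang:apply/3.
-define(WHITELIST, [{lists, reverse, 1}, {lists, map, 2}, {erlang, length, 1}]).

%% check(Source) -> ok | {rejected, Reasons}. Source must end with a dot.
check(Source) ->
    {ok, Tokens, _End} = erl_scan:string(Source),
    {ok, Exprs} = erl_parse:parse_exprs(Tokens),
    case lists:usort(walk(Exprs)) of
        [] -> ok;
        Reasons -> {rejected, Reasons}
    end.

%% Remote call with literal module and function: look it up.
walk({call, _, {remote, _, {atom, _, M}, {atom, _, F}}, Args}) ->
    allowed({M, F, length(Args)}) ++ walk(Args);
%% Unqualified call: treated here as an auto-imported erlang BIF.
walk({call, _, {atom, _, F}, Args}) ->
    allowed({erlang, F, length(Args)}) ++ walk(Args);
%% Anything else (M:f(), Mod:Fun(), F()) cannot be resolved statically.
walk({call, _, Target, Args}) ->
    [dynamic_call | walk(Target) ++ walk(Args)];
%% fun M:F/A and fun F/A create function references; check them too.
walk({'fun', _, {function, {atom, _, M}, {atom, _, F}, {integer, _, A}}}) ->
    allowed({M, F, A});
walk({'fun', _, {function, F, A}}) when is_atom(F), is_integer(A) ->
    allowed({erlang, F, A});
walk({'fun', _, {function, _, _, _}}) ->
    [dynamic_fun];
walk(T) when is_tuple(T) -> walk(tuple_to_list(T));
walk(L) when is_list(L) -> lists:flatmap(fun walk/1, L);
walk(_) -> [].

allowed(MFA) ->
    case lists:member(MFA, ?WHITELIST) of
        true -> [];
        false -> [{not_whitelisted, MFA}]
    end.

%% Constructed inputs; each match fails loudly if the result differs.
demo() ->
    ok = check("lists:map(fun(X) -> X end, lists:reverse([1,2,3]))."),
    {rejected, [{not_whitelisted, {erlang, list_to_atom, 1}}]} =
        check("list_to_atom(\"a\")."),
    {rejected, [dynamic_call]} = check("M = lists, M:reverse([1])."),
    ok.
```

A pass like this only sees the source text: function references that arrive as runtime values, such as those produced by `binary_to_term/1,2`, still need the evaluator itself to enforce the whitelist.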
