I am not 100% sure, but I believe that it is possible to start a Docker instance on some remote host (one instance per user or per script invocation) and let Python execute the script inside that Docker instance. A malicious script can try to damage the server, but the damage will remain inside its own Docker instance. It won't affect other users or the host as a whole.
If I am not mistaken, that is what the Travis service does with GitHub projects (including Leo recently). On every GitHub activity (commit/pull request), it starts a new Docker instance, installs Python and all necessary libraries, retrieves a fresh copy of the source code from GitHub, builds the project and runs tests inside this Docker instance, and then shuts it down, keeping only built artifacts and execution logs. Theoretically, an attacker might submit a pull request containing malicious code to some legitimate project, and Travis will execute that code to check whether the pull request is breaking something or not. Of course this attacker has to be registered on GitHub to submit a pull request in the first place, and will probably soon be banned. Nevertheless, his malicious code will be executed, but it can't do substantial damage to the service.

The only problem I see is that starting a new Docker instance takes time, so it won't be very practical to start one instance for every script invocation. Also, I am not sure how many instances one host can run simultaneously.

Perhaps there can be two different types of Leo server:

- Public Leo server, which can provide multi-user outline editing and browsing, but without scripting abilities
- Private local Leo server, which provides the full Leo experience including script execution on the local machine, but for a single user

The public one may allow execution of some scripts approved by the site administrator.

Vitalije
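
An added example, not part of the original message or of Leo's code: a sketch of the one-container-per-script-invocation idea described above, with the container locked down (no network, read-only root filesystem, dropped capabilities, resource limits). The image name, the container name prefix and the limit values are assumptions.

```python
import subprocess
import uuid
from pathlib import Path

IMAGE = "python:3-slim"  # assumption: any image that ships a Python interpreter

def build_docker_argv(script_path, name, image=IMAGE):
    """argv for one throwaway, locked-down container per script invocation."""
    script = Path(script_path).resolve()
    if "," in str(script):
        # --mount takes comma-separated key=value pairs; a comma in the path
        # would let the path inject extra mount options.
        raise ValueError("script path must not contain ','")
    return [
        "docker", "run", "--rm", "--name", name,
        "--network", "none",                    # no network access
        "--read-only",                          # immutable root filesystem
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=16m",
        "--cap-drop", "ALL",                    # no Linux capabilities
        "--security-opt", "no-new-privileges",  # setuid binaries gain nothing
        "--user", "65534:65534",                # unprivileged uid/gid (nobody)
        "--memory", "256m", "--memory-swap", "256m",  # equal values: no swap
        "--cpus", "0.5", "--pids-limit", "64",  # bound CPU use and fork bombs
        "--mount", f"type=bind,source={script},target=/sandbox/script.py,readonly",
        image, "python", "-I", "/sandbox/script.py",
    ]

def run_untrusted(script_path, timeout_s=10):
    """Run the script; return (exit_code, stdout, stderr). exit_code None = timed out."""
    name = f"leo-sandbox-{uuid.uuid4().hex}"    # hypothetical naming scheme
    argv = build_docker_argv(script_path, name)
    try:
        p = subprocess.run(argv, capture_output=True, text=True, timeout=timeout_s)
        return p.returncode, p.stdout, p.stderr
    except subprocess.TimeoutExpired:
        # The timeout only kills the docker client; the container keeps running
        # until it is killed explicitly (--rm then removes it).
        subprocess.run(["docker", "kill", name], capture_output=True)
        return None, "", "timed out"

if __name__ == "__main__":
    import sys
    print(run_untrusted(sys.argv[1]))
```

These flags narrow what a script can reach, but the container still shares the host kernel, so the Docker daemon and kernel need to be kept patched.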
