On Sunday, 04.03.2012, 17:43 -0800, Luke Scott wrote:
> What I'm trying to figure out is what to do when I want users to write
> plugins (untrusted code). I only want them to have access to (1) what
> V8 vanilla provides and (2) a few classes that provide context sensitive
> functions. But with a single thread malicious code goes well beyond what
> the user can access - it also includes writing code that blocks.
>
> As I understand it the only way to ensure a user can't jailbreak or block
> the event loop is to run their code in a separate thread, which is
> something that won't happen in Node.js. There was some mention of
> user-land solutions. But this makes me hesitant because wouldn't a
> "user-land" solution be written in JavaScript?
Just make one child process per request. The child processes should be vanilla V8 with only two additions, one function for reading one line from standard input and one for logging strings to standard output. When child processes don't die in a certain time, kill them. Set the RAM size restriction low. Well, that's the easiest - and slowest - way, I guess. How often will those scripts have to run? Is it ok to waste lots of CPU time per incoming "run script" command? How many need to be able to run in parallel?