On Tue, Jul 3, 2012 at 4:27 AM, Will Riley <[email protected]> wrote: > Hi, > > Right now I'm working on a sandbox library for node.js. I'd most likely be > using vm.runInNewContext to prevent any unwanted methods (eg process.kill) > from becoming accessible, and the untrusted code would run in a different > node process. > > I'm looking into the possibility of enabling code to call a wrapped > 'require()' for loading a restricted set of modules (eg 'crypto' or 'util'), > or even exposing wrapped versions of 'net' or 'fs' that restrict their use > to certain paths/addresses. This is mainly for performance reasons, > otherwise I'd do I/O in the main process. > > I'm a bit concerned that somehow, 'process.binding()' is going to become > accessible to the untrusted code if I expose a module to it. Is this an > irrational concern, or would it be more secure to wrap process.binding in > the global scope of my sandbox before running the untrusted code? > > Thanks again!
The vm module is *not* for running untrusted code. A sandbox != secure jail. We warn about it in the docs but maybe we have to be more explicit about it because questions like yours come up often. -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
