Ah, I see. I saw in the docs that it says "safely running untrusted code requires a separate process", but could you elaborate on that? Would it be better to use vanilla v8 for something like this?
On Monday, July 2, 2012 10:53:26 PM UTC-4, Ben Noordhuis wrote: > > On Tue, Jul 3, 2012 at 4:27 AM, Will Riley <[email protected]> wrote: > > Hi, > > > > Right now I'm working on a sandbox library for node.js. I'd most likely > be > > using vm.runInNewContext to prevent any unwanted methods (eg > process.kill) > > from becoming accessible, and the untrusted code would run in a > different > > node process. > > > > I'm looking into the possibility of enabling code to call a wrapped > > 'require()' for loading a restricted set of modules (eg 'crypto' or > 'util'), > > or even exposing wrapped versions of 'net' or 'fs' that restrict their > use > > to certain paths/addresses. This is mainly for performance reasons, > > otherwise I'd do I/O in the main process. > > > > I'm a bit concerned that somehow, 'process.binding()' is going to become > > accessible to the untrusted code if I expose a module to it. Is this an > > irrational concern, or would it be more secure to wrap process.binding > in > > the global scope of my sandbox before running the untrusted code? > > > > Thanks again! > > The vm module is *not* for running untrusted code. A sandbox != secure > jail. > > We warn about it in the docs but maybe we have to be more explicit > about it because questions like yours come up often. > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
