Ask HN: Whats State of the art for Code Sandboxing? (2024)

7 points by bnchrch ↗ HN
Im curious about running User Submitted code in a way that

* Protects the host system

* Protects the host network

* Lets me constrain allowed URLs

* Lets me constrain run time resources

* Lets me accept more than one language easily.

At a quick glance it seems like theres a healthy balance of recommendations from nested virtualization (QEMU inside a locked down docker host) and WASM (this can imply many architectures).

So HN, if you were to create a sandbox system. What would you reach for?

7 comments

[ 5.8 ms ] story [ 32.3 ms ] thread
Much like "security," I think of "sandboxing" as "defense against what"? Because on one end of the spectrum is "system prints hello world, exits" and the other is emulated ... everything, virtual filesystem, virtual network, etc, as one might find in a capture the flag scenario

So, I guess the rest of the owl is: what, if you had a magic wand, would you use such a system to run user submitted code to do?

Its integration code, for third party services. Both read and write.

So by nature you need to access the internet, but not the local network, and you need some file system access, but not much.

We also pay for cpu cycles, so preventing bitcoin mining is another one.

Basically do anything, but access our internal services, siphon out data in transit, mine bitcoin.

(Also before people say sandboxing wont solve all of this. I know. :P )

All browsers offer this sandbox as default use the web
Unfortunately, in my case (and im sure many others), this code runs server side. Long running jobs, cpu intensive, etc.