undefined | Better HN

0 pointsmhh__6y ago0 comments

Sandboxing is possible but only if it brings it's own standard library (I think... I'm not familiar with how go implements io at it's roots)

0 pointsmhh__6y ago0 comments

Sandboxing is possible but only if it brings it's own standard library (I think... I'm not familiar with how go implements io at it's roots)

0 comments

5 comments · 1 top-level

stcredzero6y ago· 4 in thread

I'm working on an approach for Golang sandboxing which works through whitelisting imports, and munging all references, casting operations, and function calls, which lets one whitelist those as well. I would disallow all io and network access.

the_duke6y ago

Seems like a wasm interpreter with WASI might be a better approach.

stcredzero6y ago

I've also given that some thought as well. Actually, all of the above could be combined.

mhh__OP6y ago

No IO? As in at all?

xor eax, eax here we come.

stcredzero6y ago

I would be providing an API and handling IO for the client. I'm not disallowing all IO and network access. I'm restricting it to going through my API.

1 more reply

j / k navigate · click thread line to collapse

0 comments

5 comments · 1 top-level

stcredzero6y ago· 4 in thread

the_duke6y ago

Seems like a wasm interpreter with WASI might be a better approach.

stcredzero6y ago

I've also given that some thought as well. Actually, all of the above could be combined.

mhh__OP6y ago

No IO? As in at all?

xor eax, eax here we come.

stcredzero6y ago

I would be providing an API and handling IO for the client. I'm not disallowing all IO and network access. I'm restricting it to going through my API.

1 more reply

j / k navigate · click thread line to collapse