undefined | Better HN

0 pointsmhh__6y ago0 comments

Sandboxing is possible but only if it brings it's own standard library (I think... I'm not familiar with how go implements io at it's roots)

0 comments

stcredzero6y ago

I'm working on an approach for Golang sandboxing which works through whitelisting imports, and munging all references, casting operations, and function calls, which lets one whitelist those as well. I would disallow all io and network access.

the_duke6y ago

Seems like a wasm interpreter with WASI might be a better approach.

stcredzero6y ago

I've also given that some thought as well. Actually, all of the above could be combined.

mhh__OP6y ago

No IO? As in at all?

xor eax, eax here we come.

stcredzero6y ago

I would be providing an API and handling IO for the client. I'm not disallowing all IO and network access. I'm restricting it to going through my API.

1 more reply

j / k navigate · click thread line to collapse

0 comments

stcredzero6y ago

the_duke6y ago

Seems like a wasm interpreter with WASI might be a better approach.

stcredzero6y ago

I've also given that some thought as well. Actually, all of the above could be combined.

mhh__OP6y ago

No IO? As in at all?

xor eax, eax here we come.

stcredzero6y ago

I would be providing an API and handling IO for the client. I'm not disallowing all IO and network access. I'm restricting it to going through my API.

1 more reply

j / k navigate · click thread line to collapse