11

I'm building a public website where users share data and scripts to run over some data. The scripts are run server side in some sort of sandbox without other interaction this cycle: my Perl program reads a user-made script from a database, adds the data to be processed into the script (i.e. a JSON document), then calls the interpreter; it returns the response (a JSON document or plain text), and I save it to the database with my Perl script. The script should be able to have some access to built-in functions added to the scripting language by myself, but nothing more.

So I've stumbled upon node.js as a JavaScript interpreter, and an hour or so ago upon Google's V8 (does V8 make sense for this kind of thing?). CoffeeScript also came to my mind, since it looks nice and it's still JavaScript.

I think JavaScript is widespread enough and more "sandboxable" since it doesn't have OS calls or anything remotely insecure (I think).

By the way, I'm writing the system in Perl, with PHP for the front end.

To improve the question: I'm choosing JavaScript because I think it is secure and simple enough to implement with node.js, but what other alternatives are there for achieving this kind of task? Lua? Python? I just can't find information on how to run a sandboxed interpreter in a proper way.

alfa64
  • 413

2 Answers

3

Java contains a built-in JavaScript interpreter. It is not sandboxed by default, but this can be enabled by:

  • setting a correct class shutter - JavaScript can normally load Java classes. A class shutter is a kind of security manager which decides which classes can be loaded and which can't.
  • a "startup" script - a short JavaScript initialization which deletes access points to the outer system: java = undefined; Packages = undefined; org = undefined;

If you do this, scripts running inside should not be able to access the outside environment in any way.

It also provides script time-out and instruction count limiting functionality, which is useful for sandboxing - you can limit how long or how complex the script is.

I used this in Java 7, which has the Rhino JavaScript engine. Java 8 has a newer, more modern engine, Nashorn - I didn't try it with Nashorn, but I expect it should be similar.

qbd
  • 2,936
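The three controls from the answer above (class shutter, startup script, instruction and time limits), as an added example that is not part of the answer or of the asker's system. It assumes the standalone Rhino library (package org.mozilla.javascript) is on the classpath rather than the JDK-internal copy; the class and method names SandboxedRhino, SandboxFactory, runUserScript and lengthOf, the budgets, and the sample JSON input are all constructed for this illustration.

```java
import org.mozilla.javascript.ClassShutter;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ContextFactory;
import org.mozilla.javascript.ScriptableObject;

/** Illustrative sandbox host (constructed example, not the answerer's code). */
public class SandboxedRhino {

    private static final Object START_KEY = new Object();   // per-context key: start time
    private static final Object COUNT_KEY = new Object();   // per-context key: instructions so far
    private static final long MAX_MILLIS = 2_000L;          // wall-clock budget per script (assumed)
    private static final long MAX_INSTRUCTIONS = 5_000_000L; // instruction budget per script (assumed)

    /** The startup script from the answer: remove the Java bridge entry points from the global scope. */
    private static final String STARTUP_SCRIPT =
        "java = undefined; Packages = undefined; org = undefined;";

    /** Thrown as an Error, not an Exception, so the user script can neither catch it nor run finally blocks. */
    static final class SandboxLimitExceeded extends Error {
        SandboxLimitExceeded(String msg) { super(msg); }
    }

    /** Every context this factory hands out is hardened before any script sees it. */
    static final class SandboxFactory extends ContextFactory {
        @Override
        protected Context makeContext() {
            Context cx = super.makeContext();
            cx.setOptimizationLevel(-1);               // interpreted mode: observer fires reliably, no bytecode generated
            cx.setInstructionObserverThreshold(10_000); // observeInstructionCount called every ~10k instructions
            cx.setMaximumInterpreterStackDepth(1_000);  // bound recursion depth
            cx.setClassShutter(new ClassShutter() {     // the actual boundary: no Java class is visible to scripts
                public boolean visibleToScripts(String className) { return false; }
            });
            return cx;
        }

        @Override
        protected void observeInstructionCount(Context cx, int instructionCount) {
            Long start = (Long) cx.getThreadLocal(START_KEY);
            Long total = (Long) cx.getThreadLocal(COUNT_KEY);
            if (start == null || total == null) return;  // not inside runUserScript
            total += instructionCount;
            cx.putThreadLocal(COUNT_KEY, total);
            if (total > MAX_INSTRUCTIONS) throw new SandboxLimitExceeded("instruction budget exhausted");
            if (System.currentTimeMillis() - start > MAX_MILLIS) throw new SandboxLimitExceeded("time budget exhausted");
        }
    }

    private static final SandboxFactory FACTORY = new SandboxFactory();

    /** A host-provided built-in; scripts see it as lengthOf(). Only what is defined here is reachable. */
    public static int lengthOf(String s) { return s == null ? 0 : s.length(); }

    /** Runs one user script with the JSON text bound to `input`; returns the script's result as a string. */
    public static String runUserScript(String userScript, String inputJson) {
        Context cx = FACTORY.enterContext();
        try {
            cx.putThreadLocal(START_KEY, System.currentTimeMillis());
            cx.putThreadLocal(COUNT_KEY, 0L);

            ScriptableObject scope = cx.initStandardObjects();
            cx.evaluateString(scope, STARTUP_SCRIPT, "startup", 1, null);
            scope.defineFunctionProperties(new String[] {"lengthOf"}, SandboxedRhino.class, ScriptableObject.DONTENUM);
            ScriptableObject.putProperty(scope, "input", inputJson);

            Object result = cx.evaluateString(scope, userScript, "user-script", 1, null);
            return Context.toString(result);
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        String data = "{\"values\":[1,2,3]}";  // constructed sample input
        System.out.println(runUserScript(
            "var d = JSON.parse(input); d.values.length + ':' + lengthOf(input)", data));
        try {
            runUserScript("java.lang.System.exit(1)", data);  // Java bridge is gone: TypeError, process keeps running
        } catch (RuntimeException e) {
            System.out.println("blocked: " + e.getMessage());
        }
        try {
            runUserScript("while (true) {}", data);           // runaway loop is cut off by the observer
        } catch (SandboxLimitExceeded e) {
            System.out.println("limit: " + e.getMessage());
        }
    }
}
```

The class shutter is what actually keeps scripts off the JVM; the startup script only removes the convenient names, so a script that somehow obtains a Java object still cannot resolve classes through it. Throwing an Error from the observer matters because Rhino lets scripts catch RuntimeExceptions raised by host code, which would let a user script swallow the timeout.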
2

My first thought was node.js - as you mentioned above, it's a JavaScript interpreter. And that's exactly the thing you need if you want to sandbox the scripts in a really secure way.

Another way could be to check every command in a script, whether it's valid or not. But I don't think that you will get a secure sandbox.

Greetings

Tobi
  • 121