11

I'm building a public website where users share data and scripts to run over some data. The scripts are run server-side in some sort of sandbox without other interaction this cycle: my Perl program reads a user-made script from a database, adds the data to be processed into the script (i.e. a JSON document), then calls the interpreter; it returns the response (a JSON document or plain text), which I save to the database with my Perl script. The script should be able to have some access to built-in functions added to the scripting language by myself, but nothing more.

So I've stumbled upon node.js as a JavaScript interpreter, and an hour or so ago with Google's V8 (does V8 make sense for this kind of thing?). CoffeeScript also came to my mind, since it looks nice and it's still JavaScript.

I think JavaScript is widespread enough and more "sandboxable" since it doesn't have OS calls or anything remotely insecure (I think).

By the way, I'm writing the system in Perl and PHP for the front end.

To improve the question: I'm choosing JavaScript because I think it is secure and simple enough to implement with node.js, but what other alternatives are there for achieving this kind of task? Lua? Python? I just can't find information on how to run a sandboxed interpreter in a proper way.

alfa64

2 Answers

3

Java contains a built-in JavaScript interpreter. It is not sandboxed by default, but this can be enabled by:

  • setting a correct class shutter - JavaScript can normally load Java classes. A class shutter is a kind of security manager which decides which classes can be loaded and which can't.
  • a "startup" script - a short JavaScript initialization which deletes access points to the outer system: `java = undefined; Packages = undefined; org = undefined;`

If you do this, scripts running inside should not be able to access the outside environment in any way.

It also provides script time-out and instruction-count limiting functionality, which is useful for sandboxing - you can limit how long or how complex the script is.

I used this in Java 7, which has the Rhino JavaScript engine. Java 8 has a newer, more modern engine, Nashorn - I didn't try it with Nashorn but I expect it should be similar.

qbd
  • Can you whitelist rather than blacklist? – Petah May 26 '15 at 09:22
  • @Petah, you can first disable (blacklist) everything and then push some specific functionality in the form of object into the sandbox. This is then essentially whitelisting, so yes, you can do that. – qbd May 26 '15 at 10:46
  • JavaScript knowledge is widespread enough to make it a good choice as a scripting language. You may want to define some globals as well as calls for users since you are restricting access to calls. Think of how the browser defines `window` variables for JavaScript to enable interaction. – Michael Shopsin May 26 '15 at 15:47
2

My first thought was node.js - as you mentioned above, it's a JavaScript interpreter. And that's exactly the thing you need if you want to sandbox the scripts in a really secure way.

Another way could be that you check every command in a script to see if it's valid or not. But I don't think that you will get a secure sandbox.

Greetings

Tobi