How do websites safely host and execute user's code
Question
How do websites and other web services, such as Google App Engine or WordPress etc... safely allow people to upload any code they want without periodically having damage done by user's code? I was working on a project that basically uses a more complicated implementation of 'Eval()' in Python to execute code uploaded by users. I was thinking of trying to do this safely, by instead of hosting code, instead make developers host code and I can access it like an api? Or possibly have to approve it all (Like they do on the app Store).
Anyways, just to rephrase, How can I safely host and execute code uploaded by a user?
1 answers
solution1
0 2012-10-01 21:10:17
Python interåreter had sandboxing as a feature goal in the past. However it dis not work out very well for Python.
Something what's left is RestrictedPython (deployed every on Plone site out there):
http://pypi.python.org/pypi/RestrictedPython
It's basically an eval() which modifies Python AST before execution. Useful for few line scripts, not useful for real application development.
However if I were you I wouldn't try to create sandboxing on a VM level. Instead I'd create jailed / chrooted UNIX processes which have read-only access to everything (disk, network, etc.) and a killing timeout for too long execution. This is pretty much how App Engine does it.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.