Re: Embedding Guile with sandboxing
From: Thompson, David
Subject: Re: Embedding Guile with sandboxing
Date: Sat, 21 Nov 2015 16:40:11 -0500
On Sat, Nov 21, 2015 at 1:35 PM, Matthew Keeter <address@hidden> wrote:
> I’m currently embedding Python in a C / C++ application that evaluates
> user-provided scripts.
>
> Obviously, this is terribly unsafe: user-provided scripts can execute
> arbitrary malicious actions, and there’s no good way to sandbox Python
> in a desktop context.
>
> If I were to replace Python with Guile, is there a way to sandbox it so
> that arbitrary (perhaps malicious) user-provided scripts can be run
> safely?
I recommend using the features of the underlying operating system to
provide the sandbox. In Linux, one can create new
user/pid/network/mount/etc. namespaces (in other words, a "container")
that isolate a process (or processes) from the rest of the system.
Additionally, you should run the program as an unprivileged user
inside of a chroot.
- Dave