← Back to context

Comment by simonw

20 hours ago

Running v8 itself as a sandbox is non-trivial, at least embedded in a Python or Node.js or similar application.

The web is littered with libraries that half do that and then have a note in the README that says "do not rely on this as a secure sandbox".

4 comments

simonw

Reply
MobiusHorizons  19 hours ago

Is it though? I have not personally used these libraries, but a cursory google search reveals several options: - cloudflare/STPyV8: [0] From cloudflare, intended for executing untrusted code. - Pythonmonkey: [1] Embeds spidermonkey. Not clearly security focused, but sandboxing untrusted code is literally the point of browser js engines.

It's a little less clear how you would do this from node, but the v8 embedding instructions should work https://v8.dev/docs/embed even if nodejs is already a copy of v8.

[0]: https://github.com/cloudflare/stpyv8 [1]: https://docs.pythonmonkey.io

  • simonw  19 hours ago

    ... whoa, I don't know how I missed it but I hadn't seen STPyV8 before.

    I'd seen PyV8 and ruled it out as very unmaintained.

    One of my requirements for a sandbox is that it needs to me maintained by a team of professionals who are running a multi-million dollar business on it. Cloudflare certainly count! I wonder what they use STPyV8 for themselves?

    ... on closer inspection it doesn't seem to have the feature I care most about: the ability to constrain memory usage (see comment here https://github.com/cloudflare/stpyv8/blob/57e881c7fbe178c598...) - and there's no built-in support for time limits either, you have to cancel tasks from a separate thread: https://github.com/cloudflare/stpyv8/issues/112

    PythonMonkey looks promising too: the documentation says "MVP as of September 2024" so clearly it's intended to be stable for production use at this point.

    • MobiusHorizons  12 hours ago

      I’m sure you are aware the sandbox that requires maintaining is v8 itself. Of course there are ways for the wrapper to break the sandbox by providing too much in thr global context, but short of that, which the application code could easily do as well, I don’t see why a wrapper should require significant resources to maintain beyond consuming regular updates from upstream. Is there some other reason you hold such a high bar for what is basically just python glue code for the underlying v8 embed api?

      1 reply →