Exploring Sandboxing in Programming: A Look at Deno, Python and Beyond by Md. Almas Ali Oct. 31, 2024, 6:23 p.m. Secure Systems 61 3 min
Python Git GitHub Linux Ubuntu Windows Flask Sandbox Deno System Security

Sandbox in Programming and System Security

Recently, while scrolling through YouTube, I stumbled upon a promotional video for the Deno 2 release. The engaging content caught my attention, and I found myself diving deeper into the Deno 2 official YouTube channel. One particular feature piqued my interest: Deno restricts scripts from accessing disk, network, and other operations, similar to how browsers manage permissions for camera, location, or microphone access. This concept, applied to backend systems, was intriguing and new to me.

As a hobbyist language creator, I maintain a language called Radon, which is implemented in Python. Inspired by Deno's approach, I decided to experiment with this concept. After collaborating with a contributor and several iterations, we successfully built a working prototype that effectively manages resource access.

This success led me to ponder whether it would be possible to implement similar sandboxing features in other programming languages without altering their core architectures. After a few hours of brainstorming and research, I discovered several blog posts discussing sandboxing techniques that do not rely on virtual machines or self-hosted solutions. One such resource is the blog post titled “Running Untrusted Python Code,” which offers a solid introduction to system safety and sandboxing principles.

Key Sandboxing Techniques

In the blog, the author mentions several existing packages that can facilitate sandboxing in Python:

  1. Pyseccomp: This package is a binding for the Linux libseccomp library, providing a system-level API to restrict various operations. However, it is limited to Linux systems, meaning it won't work on Windows or Mac. Additionally, after reviewing its GitHub repository, I noticed a lack of comprehensive documentation, which makes understanding its functionality a bit challenging for those who are not well-versed in the underlying code.

  2. Setrlimit: This built-in Python library allows developers to set limits on system resources without a full sandbox environment. It utilizes a Linux-level API, making it a viable option across different systems. The setrlimit function can enforce restrictions on resources like overall CPU time, maximum virtual memory size, and maximum file size created by the process. Given its inclusion in Python's standard library, it is a more universally applicable solution, although I have yet to conduct thorough testing.

The author of the blog also showcased a web-based application with a Flask backend and Next.js frontend that simulates a permission sandbox. You can check it out at https://untrusted-python.vercel.app/" target="_new" rel="noopener">untrusted-python.vercel.app, with the source code available on https://github.com/healeycodes/untrusted-python" target="_new" rel="noopener">GitHub. This architecture acts as a middleware, standing between a program and the system, validating resource access and adhering to predefined rules in the absence of an internal permission handling system.

Moreover, https://doc.pypy.org/en/latest/sandbox.html">PyPy, an alternative Python implementation featuring a JIT compiler, offers a respectable sandbox for testing untrusted code without needing a virtual machine.

Conclusion

The key takeaway from this exploration is that modifying a language’s inherent architecture for sandboxing is not the most practical approach. Instead, leveraging existing tools and libraries can provide robust solutions for managing permissions and enhancing security in programming environments. As we continue to explore these concepts, it becomes clear that there are numerous avenues to ensure safety and control in software development without reinventing the wheel.

Comments: 0

Add Comment

Please Login to comment.

Related posts

Copyright © 2023-Almas Ali All Rights Reserved