How to sandbox a go program
Question
Q: Is there a way to sandbox a Go program?
A: Yes. See GAE w/ Go or play.golang.org
How is this done?
In my particular case I'd like to allow untrusted extensions written in Go. I imagine the Go Playground is exactly what I'd need. Is it open source? Or is there at least some documentation on how to build a similar service?
Note:
code.google.com/p/go-playground is the source for the Go Playground editor. But the sandbox is hidden behind a POST to http://golang.org/compile?output=json.
Answer 1
Score: 12
The playground sandboxing technology is, AFAIK, not open sourced. One of the reasons for this is, I think, that disclosing publicly the implementation details would make any attack attempts substantially easier.
I would suggest, if rolling your own sandbox, providing fake/empty/limited versions of the {unsafe,runtime,net,os,syscall} packages and disallowing GOMAXPROCS above 1. But the design must be tailored to your very definition of a sandbox. File access yes/no/restricted? Networking yes/no/restricted? etc... Last but not least, one should probably disable CGO, assembler code and probably even build tags.
Consider the above list incomplete.
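One way to implement the source-level part of this advice, as an added example that is not part of the original answer or the Playground's code: a vetting pass built on the standard `go/parser` package that rejects the named packages (and cgo's `import "C"`), build constraints and `//go:` compiler directives. The `Vet` function, the denylist variable and the sample input are assumptions made for illustration; assembly files and CPU/memory limits have to be enforced outside this check.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

// denied: the packages the answer names, plus "C" (cgo). Sub-packages
// such as net/http or os/exec are rejected too.
var denied = []string{"unsafe", "runtime", "net", "os", "syscall", "C"}

// sample is constructed input: a build tag plus two denied imports.
const sample = "//go:build linux\n\npackage ext\n\nimport (\n\t\"fmt\"\n\t\"os/exec\"\n\t\"unsafe\"\n)\n"

// Vet parses one untrusted source file and returns its policy violations.
func Vet(src string) ([]string, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "untrusted.go", src, parser.ParseComments)
	if err != nil {
		return nil, err // unparsable input is rejected outright
	}
	var bad []string
	for _, imp := range f.Imports {
		path, _ := strconv.Unquote(imp.Path.Value)
		for _, d := range denied {
			if path == d || strings.HasPrefix(path, d+"/") {
				bad = append(bad, "import "+path)
			}
		}
	}
	// Build constraints and compiler directives (//go:linkname etc.) are
	// comments, so they are scanned separately from the imports.
	for _, cg := range f.Comments {
		for _, c := range cg.List {
			t := strings.TrimSpace(strings.TrimPrefix(c.Text, "//"))
			if strings.HasPrefix(c.Text, "//go:") || strings.HasPrefix(t, "+build") {
				bad = append(bad, "directive "+c.Text)
			}
		}
	}
	return bad, nil
}

func main() {
	bad, err := Vet(sample)
	fmt.Println(bad, err)
}
```

Every file of an extension has to pass before anything is compiled, and the build itself should run with `CGO_ENABLED=0`.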
Answer 2
Score: 3
According to http://blog.golang.org/playground, the sandbox in the Go playground uses NaCl to limit CPU and RAM usage. The code for it has been merged into Go version 1.3.