[yedidmh]

Anyone have advise or links for how to dynamically run untrusted code in production? Specifically NodeJS.

It looks like the isolated-vm package is the go-to, but understandably it prevents things like fetch or being able to import packages.

I’m thinking to use docker and have a single base image that exposes an API that will take an arbitrary string, check for and install imports, then eval (eesh) the code, but before going down the road of implementing it myself and going crazy over properly securing the containers I’m thinking that there has got to be some prior art. How are Codesandbox et al doing it?

[weitendorf]

I recommend gvisor: https://gvisor.dev/

If you want to learn more about this subject the keyword you’re looking for is “multitenancy”

Docker’s container runtime is not really a safe way to run untrusted code. I don’t recommend relying on it.

Also, why would an isolated vm prevent fetch? You can give your users NAT addresses to let them make outbound network calls. I am putting the finishing touches on a remote IDE that does exactly that.

[yedidmh]

I would give you a hundred upvotes if I could. This is a fantastic resource, looks perfect for what I want

[s_ting765]

Keep docker. As long as you do not expose volumes back to the host system, it is reasonably safe (despite the misconceptions it comes with good security defaults).

If you want to further lock this down, there are many tools such as apparmor and seccomp that you can add custom profiles with but a good starting point would be:

docker run --security-opt no-new-privileges --cap-drop ALL untrusted-image

[yedidmh]

Thanks!

[yjftsjthsd-h]

What is your threat model / what are you trying to stop from happening?

[yedidmh]

I want to prevent attempts to example break out of the container into the parent system

[pveierland]

Depending on your criteria, a server like https://github.com/supabase/edge-runtime could be a fit.

[neapolisbeach]

Nsjail, firecracker, gVisor, or v8 isolates are all good options with different tradeoffs