security - Securely running user's code -
i looking create ai environment users can submit own code ai , let them compete. language anything, easy learn javascript or python preferred.
basically see 3 options couple of variants:
make own language, e.g. javascript clone basic features variables, loops, conditionals, arrays, etc. lot of work if want implement common language features.
1.1 take existing language , strip core. remove lots of features from, say, python until there nothing left above (variables, conditionals, etc.). still lot of work, if want keep date upstream (though ignore upstream).
use language's built-in features lock down. know php can disable functions , searching around, similar solutions seem exist python (with lots , lots of caveats). i'd need have understanding of language's features , not miss anything.
2.1. make preprocessor rejects code dangerous stuff (preferably whitelist based). similar option 1, except have implement parser , not implement features: preprocessor has understand language can have variables named "eval" not call function named "eval". still lot of work, more manageable option 1.
2.2. run code in locked-down environment. chroot, no unnecessary permissions... perhaps in virtual machine or container. in sense. i'd have research how achieve , how make give me results in secure way, seems doable.
manually read through code. doable on small scale or moderators, though still tedious , error-prone (i might miss stuff
if (user.id = 0)
).
the way imagine 2.2 work this: run both ais in virtual machine (or something) , constrain communicate host machine (no other internet or lan access). both ais run in separate machine , communicate each other (well, playing field, , thereby see each other's positions) through api running on host.
option 2.2 seems doable, relatively hacky... let someone's code loose in virtualized or locked down environment, hoping that'll keep them in while giving them free game dos or break out of environment. again, other options not better.
tl;dr: in essence question is: how let people give me 'logic' ai (which think done using code) , run without compromising functionality of system? there must @ least 2 ais working on same playing field.
this plugin system, researching how others implement plugins starting point. in particular, i'd @ web browsers chrome , safari , plugin systems.
a common theme in modern plugins systems process isolation. ideally should run plugin in own process space in sandbox. in os x @ xpc, designed explicitly problem. on linux (or more portably), @ nacl (native client). jvm designed provide sandboxing, , offers rich selection of languages. (that said, don't consider jvm strong sandbox. it's had history of security problems.)
in general, preference on these kinds of projects language-agnostic api. use rest apis (or "rest-like"). allows plugin highly restricted, while not restricting language choice. simple http communications whenever possible because has rich support in numerous languages, puts little restriction on plugin. in fact, given description, wouldn't have run plugin on hardware (and not on main server). making plugins remote clients removes many potential concerns.
but ultimately, think "2.2" right direction.
Comments
Post a Comment