PistonDevelopers / dyon

A rusty dynamically typed scripting language
Apache License 2.0
1.77k stars 55 forks source link

Sandbox Untrusted Code? #684

Open Aurailus opened 3 years ago

Aurailus commented 3 years ago

Hello! I'm a game developer and I'm considering using dyon in my current project. I was wondering if it has the ability to sandbox untrusted code, as I'd like to have user-created scripts running on clients, and it would obviously be an issue if those scripts could maliciously affect clients. Thank you in advance!

bvssvni commented 3 years ago

You can disable file, http and threading with Cargo features: https://github.com/PistonDevelopers/dyon/blob/master/Cargo.toml#L29

Aurailus commented 3 years ago

Thanks for your reply! I guess what I'm really wondering is if it's possible to access the system maliciously with scripts running in Dyon. Like, can you manipulate raw memory? Spawn new processes. I've browsed the readme and it seems like sandbox support isn't a design goal but I wanted to check anyway, because this seems like a great language that I'd love to use in my project.