Open DaveRandom opened 7 years ago
Thoughts on the best way to do this? (Or any way to do this)
I've been pondering this over the last few days. W.r.t. sandboxing, I'm increasingly liking the idea of running them in minimal Docker containers with networking that cannot directly communicate with the internet; that way PHP itself can be almost entirely unrestricted and we can be happy that even the most malicious plugin code can't do any real damage.
The mechanics of actually getting them to run in a separate process space are simple enough; we just need a basic (e.g. JSON-based) RPC protocol and a bunch of API wrappers.
So for example the ChatClient instance that a plugin gets exposes all the same methods as it currently does, but instead of directly performing the action it will send a message to the parent process requesting the action.
The Docker thing can be dealt with later as there wouldn't be much to change in the bot code itself. I think the first step would probably be to design a set of public APIs for use in plugins; for the most part (if not entirely) this will be a set of interfaces which plugins can ask for in their ctors.
Allow plugins to run in a separate (ideally sandboxed) process space.
102 is part of this task.
177 should probably be done first.
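
A minimal sketch of the JSON-based RPC split discussed in this issue, added here as an example and not code from the project or the issue author. The class names `ChatClientProxy` and `PluginRpcHost`, the methods `postMessage` and `kickUser`, the 500-byte text limit and the in-process closure standing in for the pipe between processes are all assumptions; the point is that the parent treats every request from the plugin as untrusted and checks it against the methods that plugin was granted.

```php
<?php
declare(strict_types=1);
// Plugin side: same call surface as a direct client, but each call becomes a JSON request.
final class ChatClientProxy
{
    private int $nextId = 1;
    public function __construct(private \Closure $transport) {}
    public function postMessage(string $room, string $text): int // hypothetical method
    {
        $reply = ($this->transport)(json_encode([
            'id' => $this->nextId++, 'method' => 'postMessage',
            'params' => ['room' => $room, 'text' => $text],
        ], JSON_THROW_ON_ERROR));
        $msg = json_decode($reply, true, 8, JSON_THROW_ON_ERROR);
        if (isset($msg['error'])) {
            throw new RuntimeException($msg['error']);
        }
        return $msg['result'];
    }
}

// Parent side: every line received from the plugin process is untrusted input.
final class PluginRpcHost
{
    public function __construct(private array $allowedMethods) {}
    public function handle(string $line): string
    {
        $req = json_decode($line, true, 8); // null on bad JSON or excessive nesting
        if (!is_array($req)) {
            return json_encode(['id' => null, 'error' => 'malformed request']);
        }
        $id = is_int($req['id'] ?? null) ? $req['id'] : null;
        $method = $req['method'] ?? null;
        $p = $req['params'] ?? null;
        if (!is_string($method) || !in_array($method, $this->allowedMethods, true)) {
            return json_encode(['id' => $id, 'error' => 'method not permitted']);
        }
        if ($method === 'postMessage' && is_array($p) && is_string($p['room'] ?? null)
            && is_string($p['text'] ?? null) && strlen($p['text']) <= 500) {
            // The real bot would perform the chat action here; 1001 is a constructed message id.
            return json_encode(['id' => $id, 'result' => 1001]);
        }
        return json_encode(['id' => $id, 'error' => 'invalid params']);
    }
}
$host = new PluginRpcHost(['postMessage']); // this plugin is granted a single method
$client = new ChatClientProxy(fn(string $l): string => $host->handle($l));
var_dump($client->postMessage('room-11', 'hello'));                   // request the host accepts
echo $host->handle('{"id":2,"method":"kickUser","params":{}}'), "\n"; // method outside the grant
```

In a real deployment the closure would be replaced by the pipe or socket to the sandboxed process, and the allowlist would be built from the interfaces the plugin asked for.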