gf3 / sandbox

A nifty JavaScript sandbox for Node.js
ISC License
844 stars 123 forks

Why not give some hint (in the documentation) on how it works... ? #24

Closed hopehopehope closed 10 years ago

hopehopehope commented 10 years ago

I have browsed the code of sandbox and I get the idea that somehow we make this sandboxing happen by way of spawning a child process which cannot anymore easily access stuff (i.e. I could imagine that there is a case not allowing require("fs") to happen, since this way we can be safer that no modification to files will happen).

Is this the proceeding: 1) spawn a child process, 2) limit its access to privileged stuff (what that is might be defined, right? i.e. sometimes my sandbox should allow fs reads but no fs writes, sometimes neither) for the child process?

Actually maybe it is the other way 2) then 1) .... anyway

My suggestion or "issue" would be that it would imho greatly improve the understanding if the documentation gave some clue on how this sandboxing is actually achieved. This would also allow one to seek potential ways to escape the sandbox, which in turn can then be used to improve the sandbox.

I think sandbox is great!

gf3 commented 10 years ago

Unfortunately I don't have a lot of spare time to commit to this project. Pull-requests are always welcome!