Open tjbck opened 4 months ago
We have come to an internal agreement that we definitely need a sandbox of some kind. More ideas are always welcome, thanks @EtiennePerot
I have created a sandboxed code execution tool (Bash and Python both supported) and uploaded it to GitHub and to the Open WebUI portal. It uses gVisor to isolate the host system from the arbitrary code running in the sandbox. Network access can be selectively enabled. To avoid overloading the system, it supports limiting execution to a maximum number of seconds, and optionally limiting the memory the code is allowed to use. Let me know what you think.
One thing I'm confused about is how this can be practically used in the context of Open WebUI pipelines. As far as I can tell, these don't have access to the tools (or at least not yet?).
For now, I can use the tool locally, and it runs inside the Open WebUI container itself. This is fine for my needs as I am the sole user of my own instance, but please let me know if there is a better way to integrate this.
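To make the controls described in that comment concrete (gVisor isolation, network enabled only on request, a wall-clock limit and a memory cap), here is an added example of how they map onto an OCI bundle and a `runsc` invocation. This is not the tool's own code and not part of Open WebUI; the function names are hypothetical, and it assumes `runsc` is installed on PATH and that exposing the host rootfs read-only is acceptable for the workload. The memory limit is enforced by gVisor from `linux.resources.memory.limit` in the OCI spec, the network is cut both by omitting no network namespace and by `runsc --network=none`, and the time limit is enforced on the host side with `subprocess.run(timeout=...)` followed by a forced delete of the sandbox.

```python
"""Minimal gVisor (runsc) launcher: builds an OCI bundle with a memory limit,
optional network access and a host-enforced wall-clock timeout.
Added example with hypothetical names; assumes runsc is installed on PATH."""
import json
import os
import shutil
import subprocess
import tempfile
import uuid

RUNSC = "runsc"  # assumption: gVisor's runtime binary is on PATH


def build_oci_config(command, memory_limit_bytes, rootfs="/", allow_network=False):
    """Return an OCI runtime-spec config for running `command` under runsc.

    The sandbox sees `rootfs` read-only, runs as an unprivileged uid with an
    empty capability set and no_new_privs, in fresh pid/mount/ipc/uts namespaces.
    A network namespace is added (no connectivity) unless the caller opts in.
    """
    namespaces = [{"type": t} for t in ("pid", "mount", "ipc", "uts")]
    if not allow_network:
        namespaces.append({"type": "network"})
    cap_sets = ("bounding", "effective", "permitted", "inheritable", "ambient")
    return {
        "ociVersion": "1.0.2",
        "process": {
            "terminal": False,
            "user": {"uid": 65534, "gid": 65534},  # nobody/nogroup
            "args": list(command),
            "env": ["PATH=/usr/local/bin:/usr/bin:/bin", "HOME=/tmp"],
            "cwd": "/tmp",
            "capabilities": {k: [] for k in cap_sets},  # drop everything
            "noNewPrivileges": True,
            "rlimits": [{"type": "RLIMIT_NOFILE", "hard": 1024, "soft": 1024}],
        },
        "root": {"path": rootfs, "readonly": True},
        "hostname": "sandbox",
        "mounts": [
            {"destination": "/proc", "type": "proc", "source": "proc"},
            # Writable scratch space that is bounded in size and nosuid/nodev.
            {"destination": "/tmp", "type": "tmpfs", "source": "tmpfs",
             "options": ["nosuid", "nodev", "size=64m"]},
        ],
        "linux": {
            "namespaces": namespaces,
            "resources": {"memory": {"limit": int(memory_limit_bytes)}},
        },
    }


def runsc_command(bundle_dir, state_dir, container_id, allow_network=False):
    """runsc invocation; --network=none is a second line of defence behind the
    namespace list in config.json, --network=sandbox uses gVisor's own netstack."""
    network = "sandbox" if allow_network else "none"
    return [RUNSC, "--rootless", "--root", state_dir, f"--network={network}",
            "run", "--bundle", bundle_dir, container_id]


def run_sandboxed(command, timeout_s=10, memory_limit_bytes=256 * 2**20,
                  allow_network=False):
    """Run `command` in gVisor; returns (returncode, stdout, stderr), or
    returncode 124 on timeout (as coreutils `timeout` does), or None when
    runsc is not installed on this host."""
    if shutil.which(RUNSC) is None:
        return None
    work = tempfile.mkdtemp(prefix="sandbox-")
    bundle, state = os.path.join(work, "bundle"), os.path.join(work, "state")
    os.makedirs(bundle)
    os.makedirs(state)
    cid = f"sbx-{uuid.uuid4().hex[:12]}"
    try:
        with open(os.path.join(bundle, "config.json"), "w") as f:
            json.dump(build_oci_config(command, memory_limit_bytes,
                                       allow_network=allow_network), f)
        try:
            proc = subprocess.run(runsc_command(bundle, state, cid, allow_network),
                                  capture_output=True, text=True, timeout=timeout_s)
            return proc.returncode, proc.stdout, proc.stderr
        except subprocess.TimeoutExpired:
            # Kill the whole sandbox so nothing outlives the time limit.
            subprocess.run([RUNSC, "--rootless", "--root", state,
                            "delete", "--force", cid], capture_output=True)
            return 124, "", "timed out"
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(run_sandboxed(["python3", "-c", "print('hello from the sandbox')"],
                        timeout_s=5, memory_limit_bytes=128 * 2**20))
```

Two points worth checking when adapting this: the timeout is measured on the host, so a runaway process is stopped even if it ignores signals inside the sandbox, and the read-only rootfs plus bounded tmpfs means an `untrusted pip install` at most fills 64 MiB of scratch space rather than touching the host's site-packages.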
Adding a code generation pipeline to Open WebUI would be amazing, but it needs to be securely sandboxed. Even if the generated code is harmless, it's easy for it to accidentally pull in a dependency that executes remote code.
I work on gVisor, which is what ChatGPT uses for sandboxing code execution (as proof, try to make it run the `dmesg` command in its code execution environment). I use Open WebUI myself on my home server, and would love if it supported code execution. Let me know if I can help or assist here.