7

Note: I'd appreciate some tag suggestions for this one.

I'd like to provide my users with a method of programmatically manipulating data on the server. This would be done by using an in-browser code editor to be executed at a later date, not dissimilar to the manner https://www.onx.ms employ.

I'd like to avoid writing a DSL (a barrier to adoption?), and would prefer the language that the user writes to be either JavaScript or Ruby based.

My obvious concern is security. I understand the perils of allowing user generated code to run server-side, but what steps can I take to eliminate the risk?

Do sites like http://railsforzombies.com actually use irb, or is it far simpler than that?

Nick

2 Answers

1

Google Caja lets you safely embed user-specified JavaScript in your website, but I think it might be aimed at running the code in the user's browser rather than on your server. I haven't used it myself.

I don't know if there are ready-made solutions for other languages, but I think a custom solution would involve recompiling the interpreter yourself after removing all API libraries that allow the user to write to disk, open network connections, fork processes/threads, and do any other dangerous or denial-of-service operation. Whitelisting "safe" libraries is the only approach that could work for that.

It would be safer if you had separate virtual servers for individual users.

Leo
Caja doesn't sandbox against denial of service attacks. It has no defense against a user running an eternal `while(true){}` loop or allocating lots of memory. Javascript in a sandboxed iframe has the same security guarantees (and lack of dos protection) as Caja while being simpler to use and more standard. – Macil May 06 '15 at 23:47

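The denial-of-service gap raised in the comment above (an endless loop, unbounded allocation) can be bounded on the server by running each submission in its own process under a wall-clock timeout and a heap cap. The following is an added example, not code from any poster on this page; `runUntrusted`, its option names and the sample inputs are hypothetical, and it assumes Node.js. It limits resource use only: the child still has file and network access, which the whitelisting or per-user virtual servers suggested in the answer would have to cover.

```javascript
// Added example (not from the original thread): run user-supplied JavaScript
// in a separate Node.js process so a runaway script cannot hang or exhaust
// the server process. runUntrusted and its options are hypothetical names.
const { spawnSync } = require('node:child_process');

function runUntrusted(code, { timeoutMs = 2000, heapMb = 32 } = {}) {
  const res = spawnSync(
    process.execPath,                                  // same node binary as the parent
    [`--max-old-space-size=${heapMb}`, '-e', code],    // V8 heap cap, then the user code
    {
      timeout: timeoutMs,      // parent kills the child after this many milliseconds
      killSignal: 'SIGKILL',   // cannot be caught or ignored by the child
      env: {},                 // do not pass the server's environment variables
      encoding: 'utf8',
      maxBuffer: 64 * 1024,    // cap captured output; exceeding it ends the child
    }
  );
  if (res.error && res.error.code === 'ETIMEDOUT') {
    return { status: 'timeout', output: '' };
  }
  if (res.error || res.status !== 0) {
    // Out-of-memory abort, uncaught exception, output overflow, spawn failure.
    return { status: 'crashed', output: '' };
  }
  return { status: 'ok', output: res.stdout.trim() };
}

// Constructed sample inputs covering the cases named in the comment.
const samples = {
  benign: 'console.log(6 * 7)',
  runawayLoop: 'while (true) {}',
  memoryHog: 'const a = []; while (true) a.push(new Array(1e6).fill(0));',
};

for (const [name, code] of Object.entries(samples)) {
  console.log(name, runUntrusted(code).status);
}
```

Node's built-in `vm` module is documented as not being a security mechanism, which is why the isolation boundary here is a separate process.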
1

Would you consider Java (or other JVM languages such as JRuby, Scala, Clojure etc.)? If so - there is a wealth of power in the JVM to restrict the privileges of a sandboxed app. See this other question for details: How do I create a Java sandbox?

Community
Alex Wilson