2

I am planning to use pyodide inside of node as a sandbox for running (testing and analyzing) Python code on a server. The Python code will be written by students. It will be submitted through a web interface. Although the system is not open to the public, I want the execution system to be as safe as possible against malicious code input. I am well aware that neither node nor pyodide were designed for this type of sandboxing, but if possible, I would like to avoid heavy machinery like virtualization.

Until now, my impression is that the system works as intended. My naive attempts at reading and writing to the file system and spawning processes from Python failed (as they should). However, I am not an IT security expert. Therefore my question is: which attack vectors should I be aware of? Do you think that the system (node+pyodide) in itself is sufficiently secure? Which additional measured so you suggest?

tglas
  • 949
  • 10
  • 19
  • 1
    Pyodide is still in development and too immature to suggest a security risk mitigation plan. I am not aware of a security report being created. I would run Pyodide on a machine that has no privileges elsewhere and nothing valuable internally. You are on the leading edge which means there are possible risks in doing so. FYI: I think most of the development effort is towards Pyodide in the browser and not Node.js on the server. Both have good futures, but developers tend to focus and let testing find porting problems. – John Hanley Sep 26 '22 at 14:58
  • Thanks for your assessment. The fact that pyodide is mostly used (and useful) in the browser is in part why this might work at all. If it would connect to filesystem and other node specific modules, then it would no longer be an effective sandbox. – tglas Sep 26 '22 at 18:36

0 Answers0