Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/pfrazee/process-sandbox

Run javascript in sandboxed child processes
https://github.com/pfrazee/process-sandbox

Last synced: 11 days ago
JSON representation

Run javascript in sandboxed child processes

Host: GitHub
URL: https://github.com/pfrazee/process-sandbox
Owner: pfrazee
Created: 2016-02-03T15:43:49.000Z (almost 9 years ago)
Default Branch: master
Last Pushed: 2016-02-03T19:13:13.000Z (almost 9 years ago)
Last Synced: 2024-10-30T15:54:39.319Z (about 2 months ago)
Language: JavaScript
Size: 8.79 KB
Stars: 3
Watchers: 4
Forks: 2
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Process Sandbox

Run javascript in sandboxed child processes.

**Basic Usage**

`parent.js`

```js

var path = require('path')

var processSandbox = require('process-sandbox')

// create a manager

var ps = processSandbox()

// spawn a script

var pingProcess = ps.spawn({

  path: path.join(__dirname, 'ping.js'), // script to execute

  manifest: { ping: 'async' } // muxrpc manifest for the target script

})

// communicate with the script

pingProcess.ipcApi.ping('foo', (err, res) => {

  console.log(res) // 'pong foo'

  // kill the script

  ps.kill(pingProcess)

  // or kill all scripts

  ps.killAll()

})

```

`ping.js`

```js

console.log('ping script active')

exports.ping = function (v, cb) {

  cb(null, 'pong '+v)

}

```

**Adding Methods to the Sandbox**

`parent.js`

```js

var helloProcess = ps.spawn({

  path: path.join(__dirname, 'hello.js'), // script to execute

  env: {

    manifest: { whoami: 'async' }, // muxrpc manifest for the environment

    api: { whoami: cb => cb(null, 'Bob') } // api for the environment

  }

})

```

`hello.js`

```js

whoami((err, name) => {

  console.log('Hello, world. I am', name)

})

```

## Sandbox

`spawn()` creates a child process, and then uses the [node vm api](https://nodejs.org/api/vm.html) to create a context without access to any of the node APIs.

The context is configured in [loader.js](./loader.js).

In addition to same basic methods (like `console` functions) the context will include the methods supplied in the `env` options of `spawn()`.

**Possible avenues for improvement:**

If some JS were ever able to break its VM context, within its own process or another (via IPC), it would have the same rights as the compromised process.

We might mitigate this at the OS-level, using the same techniques that browsers use.

From https://chromium.googlesource.com/chromium/src/+/master/docs/linux_sandboxing.md:

 - Linux: `setuid()` and `setgid()`

 - Linux: [seccomp](https://wiki.mozilla.org/Security/Sandbox/Seccomp)

## IPC

The parent and child processes communicate using [muxrpc](npm.im/muxrpc) over STDIO.

From the parent, the child API is available via `childProcessObj.ipcApi.*`.

From the child, the parent API is mixed into the global object.