Yeah for sure: run it inside a virtual machine, or do some sort of docker magic.
You kind of need to pretend you are a whole computer for a programming language to be happy. There's built in assumptions they're running on a "real" computer. They assume they've got full access to network and disk. Installing packages often requires compiling C extensions, or running native binaries. All that stuff means the best way to sandbox is to virtualise a whole computer.
It's fun to do it with WebAssembly though, you get a lot of guarantees and it's quite light weight.
I've been playing around with turning it into a sandbox for running code in Python (https://runno.dev/articles/sandbox-python/). This would allow you to safely execute AI generated code.
Generally thinking about more ways to run code in sandbox environments, as I think this will become more important as we are generating a lot of "untrusted" code using Gen AI.
Thanks! Yeah I'm very aware of Pyodide and interested in adopting some of their techniques.
A big difference between my approach and their approach is that Runno is generic across programming languages. Pyodide only works for Python (and can only work for Python).
Big interesting development in this space is the announcement of Endor at WASM IO which I'd like to try out: https://endor.dev/
Really impressed by the depth and breadth of this project, well done!
A particularly interesting part is the socket layer inside the browser. Other people solving this problem have previously used a proxy to a server that does the real socket implementation. This means you can't have a "browser-only" solution.
That does have some major caveats of course: some headers will be totally ignored by the browser due to web restrictions, some will be added/overridden (e.g. user agent), and CORS will apply (which will seriously surprise most Linux tools!).
Still, very neat, agreed. Almost certainly the best you can do without having some kind of backend proxy running on either the server or the user's own machine.
There is support in Docker to run wasm-wasi binaries directly (see: https://wasmlabs.dev/articles/docker-without-containers/). The downside compared to OP's approach is that whatever you're running has to have already been compiled to wasm-wasi. The upside would be much faster execution time (no emulation overhead for x86).
I'm working on this problem as well and would be happy to sling you some thoughts and notes. Check my website https://runno.dev and send an email to the address on that website!
Yeah of course! They've got STDIN/STDOUT/STDERR and I've built a Virtual Filesystem. But if you're using WASI binaries locally they don't have that restriction.
