
"Sandboxed mode" for evaluating untrusted code #4

Open
dvdkhlng opened this issue Aug 3, 2022 · 1 comment
Labels
enhancement New feature or request

Comments

@dvdkhlng

dvdkhlng commented Aug 3, 2022

Hi,

I'm trying to find out ways to extend the TIC-80 "Fantasy Game Console" so that it can be scripted in Lisp (currently it supports among others: lua, javascript, ruby etc.).

Tisp tiny lisp is one of the few lisps that seems to be suitable for the job: almost no library and/or build-system dependencies, and no obvious ways to escape from lisp (when run with a sufficiently stripped down set of primitives).

Unfortunately the default primitives included seem to be unsuitable for running untrusted 3rd party code, e.g.

  • file operations in io.c are a no-go.
  • os.c intermingles unsuitable primitives like prim_cd() with other primitives such as prim_now() that I'd like to keep
  • tisp.c prim_load() needs to be disabled

Anything else one needs to take care of to properly sandbox off Tisp? Should sandboxing be something controlled at compile time (CPPFLAGS+=-D SANDBOXED) or a flag selected at run time, stored in struct Tsp?

And then Tisp's documentation states that the language is "not yet stable". Of course it would be nice if scripts developed against current Tisp would not break in future Tisp versions (otherwise upgrading the Tisp embedded into TIC-80 would carry quite some validation/backporting efforts). May I ask what the status WRT language stability is right now?

cheers,

David

@edvb
Owner

edvb commented Dec 1, 2024

Hi David,

Thanks for your interest in the language! Unfortunately I have not had much time to work on it recently as I am in the middle of a PhD, so I apologize for the very late response. I have been able to dedicate more time to it recently and have made some major progress. The language is still far from stable right now, but it is getting closer.

Better support for sandboxing is a high priority for me, so I appreciate your suggestions. The language is designed to be modular, so you simply don't have to include io.c or os.c when you embed it into any application or environment (such as TIC-80). I agree that now and time should be separated into their own time.c library, and perhaps cd should be moved into a system library. I also agree that prim_load() should be a library feature and not part of the core language, so it should probably be moved to io.c.

I am open to a possible compile- or run-time flag as long as it does not increase complexity too much; however, I am not sure if it is needed if the language is properly modularized. I would rather pursue a model for sandboxing similar to WebAssembly and Roc's platforms, where all non-sandboxed functions have to be explicitly imported.

Please let me know your thoughts on this and if you think this would be a valid solution. Support for TIC-80 is definitely something I am interested in doing, perhaps when the language is more mature and a little closer to v1.0.

I am currently looking for help so if you are interested in contributing to the language please reach out!

Thanks,
Ed

@edvb edvb added the enhancement New feature or request label Dec 1, 2024
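The two comments above describe the same mechanism from two sides: David asks whether the unsafe primitives (file I/O in io.c, prim_cd() in os.c, prim_load()) should be excluded at compile time or by a run-time flag, and Ed prefers an explicit-import model in which nothing non-sandboxed is available unless the host opts in. The following C program is an added illustration of that explicit-import model written for this thread; it is not Tisp's code and does not use Tisp's API. The primitive names (add1, now, cd, open, load), the capability bits, and the Env/PrimDef types are all hypothetical, and the "unsafe" primitives only bump a counter so the test can prove that a denied primitive is never executed. The granted-capability mask is a run-time value, so the same build can host both trusted and untrusted scripts; a compile-time variant would wrap the unsafe table entries in #ifdef instead.

```c
/* Added example for this thread: a capability-gated primitive registry.
 * Illustrative only; not Tisp's implementation. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Capability bits a host grants to an environment. CAP_PURE needs nothing. */
enum {
    CAP_PURE    = 0,
    CAP_TIME    = 1 << 0, /* may read the wall clock */
    CAP_FS      = 1 << 1, /* may touch the file system */
    CAP_PROCESS = 1 << 2, /* may change process state (cwd, env, exec) */
    CAP_LOADER  = 1 << 3  /* may pull source from outside the sandbox */
};

typedef long (*PrimFn)(long arg);

typedef struct {
    const char *name;
    PrimFn      fn;
    unsigned    caps;  /* every bit here must be granted for fn to be callable */
} PrimDef;

/* Counts how often a non-sandboxed primitive actually ran. The sandbox test
 * below asserts this stays at zero when the host grants nothing unsafe. */
static long g_unsafe_calls = 0;

static long prim_add1(long x) { return x + 1; }
static long prim_now(long unused) { (void)unused; return (long)time(NULL); }
/* Stand-ins for cd/open/load: they record the call instead of doing the real
 * side effect, so the example runs offline and the test can observe them. */
static long prim_cd(long x)   { g_unsafe_calls++; return x; }
static long prim_open(long x) { g_unsafe_calls++; return x; }
static long prim_load(long x) { g_unsafe_calls++; return x; }

/* The complete primitive table. Nothing in it is reachable until a host
 * builds an Env and explicitly grants the capabilities each entry needs. */
static const PrimDef ALL_PRIMS[] = {
    {"add1", prim_add1, CAP_PURE},
    {"now",  prim_now,  CAP_TIME},
    {"cd",   prim_cd,   CAP_PROCESS},
    {"open", prim_open, CAP_FS},
    {"load", prim_load, CAP_LOADER | CAP_FS},
};
#define NPRIMS (sizeof ALL_PRIMS / sizeof ALL_PRIMS[0])

typedef struct {
    const PrimDef *prims[NPRIMS];
    size_t         n;
    unsigned       granted;
} Env;

/* Install only the primitives whose requirements are a subset of `granted`.
 * Default-deny: an untrusted script gets env_init(&e, CAP_PURE). */
void env_init(Env *env, unsigned granted) {
    env->n = 0;
    env->granted = granted;
    for (size_t i = 0; i < NPRIMS; i++)
        if ((ALL_PRIMS[i].caps & ~granted) == 0)
            env->prims[env->n++] = &ALL_PRIMS[i];
}

size_t env_count(const Env *env) { return env->n; }

const PrimDef *env_lookup(const Env *env, const char *name) {
    for (size_t i = 0; i < env->n; i++)
        if (strcmp(env->prims[i]->name, name) == 0)
            return env->prims[i];
    return NULL;
}

/* Dispatch by name. Returns 0 on success, -1 without running anything if the
 * primitive is absent or (defensively) its caps exceed what was granted. */
int env_call(const Env *env, const char *name, long arg, long *out) {
    const PrimDef *p = env_lookup(env, name);
    if (p == NULL || (p->caps & ~env->granted) != 0)
        return -1;
    *out = p->fn(arg);
    return 0;
}

long unsafe_call_count(void) { return g_unsafe_calls; }

int main(void) {
    Env sandbox;
    env_init(&sandbox, CAP_TIME);  /* untrusted script: clock only */
    for (size_t i = 0; i < env_count(&sandbox); i++)
        printf("exported: %s\n", sandbox.prims[i]->name);
    long out;
    printf("cd -> %s\n", env_call(&sandbox, "cd", 0, &out) ? "denied" : "ran");
    return 0;
}
```

A host that loads third-party cartridges would build one Env per script with the minimal mask (CAP_PURE or CAP_TIME), while its own trusted tooling can grant the full set; the dispatcher re-checks the mask so that an Env assembled by hand cannot smuggle in a primitive the table says needs more than was granted.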