

On Wed, Aug 3, 2011 at 4:30 AM, Stefan Reich
<stefan.reich.maker.of.eye@googlemail.com> wrote:
> Hello Lua people!
>
> I am currently realizing some ideas I have had for a long time
> regarding fine-grained customizable sandboxes.
>
> I had an earlier research project called "Imaginary Microcomputers"
> that explored this (parts of it still online) plus a few other
> projects. These projects yielded insights and prototypes; but what
> they lacked was the right programming language for the job.
> (Noteworthy language candidates included: Assembly, Java, Python, and
> "E".)
>
> There are very interesting applications for customizable, light-weight
> sandboxes that, to my knowledge, have not been realized anywhere yet.
>
> It all starts with a system that can run untrusted code safely. And
> then, optionally, you go on to connect running programs to each other
> in a well-defined, restricted way.
>
> I am happy to report that I think I have now finally found a language
> that is suitable for implementing this. As you may have guessed by
> now: It's Lua :)
>
> Lua seems to provide all the necessary means to create real sandboxes
> and extend/modify them the way I want. Even CPU and memory consumption
> can be limited which is an important feature that many other candidate
> languages I looked at did not provide.
>
> Here's the project homepage: http://safelua.sf.net
>
> I made a first release with a very simple script runner (safelua.lua)
> and two examples, downloadable from the project page.
>
> A general note: I don't intend to really "own" this project. I do want
> to maintain my own page about it. And maybe maintain some sort of
> steering oversight because I have a vision I want to see realized.
> Other than that, I really do welcome any and all collaboration here.
> And of course, you can always fork the thing if you feel that your
> vision is somehow cooler (hotter?) than mine :)
>
> In fact, if a better system exists that suits all my needs, I will be
> happy to throw mine away and use that system instead. However, I don't
> know of any such system yet.
>
> So, it does look like we're building something new here.
>
> Many components will want to be realized. A language definition for
> Safe Lua (quite simple really, it's just Lua with fewer globals and a
> bit of a new API). Safe Lua script runners, textual as well as
> graphical. Some simple means to combine scripts with each other.
> Standard components that take other scripts as input and/or output
> (this is where the real power of the approach begins).
>
> As for possible applications, here's a few:
>
> -Safe, portable, mobile agents
> -Execution of untrusted code without worries
> -Migrating running code from one machine to another with a single click
> -Cloning running programs with equally little effort
> -Orthogonal or semi-orthogonal persistence
> -Logging of each and all activity, including full replayability - live
> or post-mortem
> -Self-unpacking data with arbitrary algorithms (procedural compression)
> -A complete "Safe Lua OS" could be developed, providing perfect
> portability and much better and easier to handle security than
> traditional OSes
>
> So... well well. As I said before: Contributions, questions or ideas
> will be very appreciated. (Don't flame me though... I might flame
> back! *grins broadly*)
>
> Best regards to you all,
>
> Stefan Reich
> Software enthusiast / Activist of the German revolution
>
>

I'm not super sure what exactly you're going for here. Lua already is
very easy to sandbox completely; the issue is providing "safe" APIs
that provide enough power to be useful. And that becomes more than
just safety; it turns into the job of providing fine-grained
permissions to individual applications.

If these kinds of things are your goals, then existing projects already
provide similar but more powerful control over these issues, things
like Linux cgroups and Chrome's NaCl.
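To make concrete both what the reply means by "easy to sandbox completely" and what the original post means by limiting CPU and memory consumption, here is an added example (not code from the original post, the reply, or the SafeLua project). It whitelists globals into a fresh environment, caps CPU with an instruction-count hook, and caps memory growth by polling the collector from the same hook. The limit values and the sample scripts are constructed for the demo; the helper names (`make_env`, `run_sandboxed`) are this example's own.

```lua
-- Added example, not code from the original post or the SafeLua project:
-- a minimal Lua sandbox that whitelists globals, caps CPU by instruction
-- count, and caps memory growth by polling the collector from the same
-- hook. Works on Lua 5.1 (setfenv/loadstring) and 5.2+ (load with env).

local unpack = unpack or table.unpack

-- Build a fresh global environment for one untrusted script. Everything not
-- listed here (io, os, require, load, dofile, debug, rawset, ...) is absent.
local function make_env()
  local env = {
    pairs = pairs, ipairs = ipairs, next = next, select = select,
    type = type, tostring = tostring, tonumber = tonumber, unpack = unpack,
    pcall = pcall, error = error, assert = assert,
    string = { len = string.len, sub = string.sub, rep = string.rep,
               format = string.format, find = string.find, match = string.match,
               gsub = string.gsub, gmatch = string.gmatch, byte = string.byte,
               char = string.char, upper = string.upper, lower = string.lower },
    table  = { insert = table.insert, remove = table.remove,
               concat = table.concat, sort = table.sort },
    math   = { floor = math.floor, ceil = math.ceil, abs = math.abs,
               max = math.max, min = math.min, sqrt = math.sqrt,
               huge = math.huge, pi = math.pi },
  }
  env._G = env
  return env
end

-- Run `code` (source text) under the given limits. Returns true, result on
-- success, or nil, message when the script errors or trips a limit.
local function run_sandboxed(code, opts)
  opts = opts or {}
  local max_instructions = opts.max_instructions or 1000000
  local max_memory_kb    = opts.max_memory_kb or 1024
  local step             = 100   -- instructions between hook calls
  local env = make_env()

  -- Refuse precompiled chunks: bytecode is not verified by the loader and
  -- would bypass every source-level restriction made here.
  if code:byte(1) == 27 then return nil, "bytecode chunks are not allowed" end
  local chunk, err
  if setfenv then                       -- Lua 5.1
    chunk, err = loadstring(code, "=sandbox")
    if chunk then setfenv(chunk, env) end
  else                                  -- Lua 5.2+
    chunk, err = load(code, "=sandbox", "t", env)
  end
  if not chunk then return nil, err end

  local co = coroutine.create(chunk)
  local baseline_kb  = collectgarbage("count")
  local instructions = 0
  local tripped      = false

  local function hook()
    if tripped then error("limit exceeded", 0) end
    instructions = instructions + step
    local over_cpu = instructions > max_instructions
    local over_mem = collectgarbage("count") - baseline_kb > max_memory_kb
    if over_cpu or over_mem then
      tripped = true
      -- Re-arm the hook to fire on every instruction, so a script that
      -- catches this error with pcall cannot make progress: the next
      -- instruction in the unprotected frame raises it again.
      debug.sethook(co, hook, "", 1)
      error(over_cpu and "CPU limit exceeded" or "memory limit exceeded", 0)
    end
  end

  -- The hook is attached to the coroutine only; the host thread runs unhooked.
  debug.sethook(co, hook, "", step)
  local ok, result = coroutine.resume(co)
  debug.sethook(co)
  if not ok then return nil, result end
  return true, result
end

-- Constructed untrusted scripts for the demo (not real-world inputs).
local samples = {
  benign = "local t = {} for i = 1, 10 do t[#t + 1] = i * i end return table.concat(t, ',')",
  spin   = "while true do end",
  escape = "return io.open('secret.txt')",   -- io is not in env: nil-index error
  hog    = "local t = {} while true do t[#t + 1] = string.rep('x', 1024) end",
}
for name, src in pairs(samples) do
  local ok, res = run_sandboxed(src, { max_instructions = 200000, max_memory_kb = 512 })
  print(name, ok, res)
end
```

Two caveats a practitioner would want: the memory check is coarse, since it is only polled every `step` instructions and a single large allocation (one big `string.rep`, one long C call) lands between polls and runs to completion before the hook sees it; a hard ceiling needs an allocator installed from C via `lua_setallocf`. Second, string values share a metatable whose `__index` is the host's real `string` table, so `("x"):rep(n)` reaches the full library regardless of which functions the whitelist copies; anything you want to deny there has to be removed from the real `string` table (or the metatable replaced) before untrusted code runs.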