I'm not sure if sandbox is a good idea.
Generally speaking, these serverless codes are written by engineers
themselves. If there are security issues, custom plugins are facing the
same issue.
Sandbox is more suitable for uncontrolled environments, such as when you
provide a SaaS service that allows users to run their own code.

Thanks,
Ming Wen, Apache APISIX PMC Chair
Twitter: _WenMing


ZhengSong Tu <tzssanggl...@gmail.com> wrote on Thu, Mar 31, 2022 at 11:24:

>  It is difficult to list all safe functions in the whitelist.
>
> It's not even possible to tell which functions are safe and which ones are
> not.
>
> *ZhengSong Tu*
> My GitHub: https://github.com/tzssangglass
> Apache APISIX: https://github.com/apache/apisix
>
>
> On March 31, 2022 at 11:18:35, Kwanhur Huang <huang_hua2...@163.com> wrote:
>
> > Why not a whitelist? A list of functions that are allowed to be used will be better.
> >
> >
> > Kwanhur Huang
> > TL;DR
> >
> > On March 30, 2022 at 1:55 PM, shirui zhao <zhaoth...@gmail.com> wrote:
> >
> >
> > Hello, community,
> >
> >
> > I noticed that Apache APISIX supports serverless plugins for hot loading
> > user's code, which is a very nice feature. However, Apache APISIX does not
> > seem to limit the execution environment of these hot codes, and there may
> > be some risks.
> >
> > The hot code loaded by Lua and the framework code of the entire system run
> > in the same context. If there is an operation to operate the global
> > environment in the hot loaded code, it will affect the function of the
> > entire system. I wrote a simple example in the issue[1]. Worse yet, if a
> > hacker uses malicious code, it could exploit this feature to attack the
> > user's operating system.
> >
> >
> > So I think Apache APISIX can add a layer of protection when executing hot
> > code, so that hot code can run in a sandbox. Here is an article[2]
> > describing how to use sandboxing in Lua code to safely execute hot code;
> > we can refer to it.
> >
> > I personally think setting a blacklist of safe functions is more
> > appropriate. What is everyone's opinion? Is there a better way to achieve
> > this? Welcome to discuss.
> >
> >
> > [1]: https://github.com/apache/apisix/issues/6729
> >
> > [2]: http://lua-users.org/wiki/SandBoxes
> >
> >
> >
> > --
> >
> > Thanks,
> >
> > Shirui Zhao
> >
> >
> >
> >
> >
>
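
The allowlist approach debated in this thread, sketched for a hot-loaded Lua chunk; this is an added example, not code from Apache APISIX or from any participant in the thread. The names `new_env` and `run_sandboxed` and the contents of the allowlist are assumptions chosen for illustration.

```lua
-- Added example (not APISIX code): allowlist sandbox for a hot-loaded chunk.
-- Uses setfenv on Lua 5.1 / LuaJIT, load(..., env) on Lua 5.2+.

-- Shallow-copy a library table so the chunk cannot mutate the host's copy.
local function copy(t)
    local c = {}
    for k, v in pairs(t) do c[k] = v end
    return c
end

-- Assumed allowlist: pure helpers only; no io, os, debug, require, load*,
-- getmetatable, setfenv or rawset.
local function new_env()
    local env = {
        ipairs = ipairs, pairs = pairs, select = select, type = type,
        tonumber = tonumber, tostring = tostring,
        string = copy(string), table = copy(table), math = copy(math),
    }
    env.string.dump = nil   -- bytecode producer, not needed by plugins
    return env
end

-- Compile src as text and run it with the allowlist as its only globals.
local function run_sandboxed(src)
    local env = new_env()
    local fn, err
    if setfenv then                          -- Lua 5.1 / LuaJIT
        if src:byte(1) == 27 then            -- reject precompiled bytecode
            return false, "bytecode not allowed"
        end
        fn, err = loadstring(src, "=sandbox")
        if fn then setfenv(fn, env) end
    else                                     -- Lua 5.2+
        fn, err = load(src, "=sandbox", "t", env)
    end
    if not fn then return false, err end
    return pcall(fn)
end

-- Constructed inputs modelled on the concern raised in the thread.
print(run_sandboxed("tostring = nil; string.format = nil; return 'done'"))
print(tostring(42), string.format("%d", 42))   -- host globals still work
print(run_sandboxed("return os.getenv('HOME')"))  -- fails: os is not exposed
print(run_sandboxed("return string.upper('ok')"))
```

An environment table only limits which names a chunk can reach; it does not bound CPU time or memory. String methods called as `s:rep(n)` still resolve through the shared string metatable rather than the copied `string` table.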
