Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
redleader55 5 days ago

The author states:

> The code is executed using Pyodide in Deno and is therefore isolated from the rest of the operating system.

To me personally, the premise is a bit naive - it assumes that deno's WASM VM doesn't have exploits, that pyodide doesn't have bugs, etc. It might as well ask the LLM to produce javascript code and run it under deno and then it would be simpler.

In the end, the problem is one of risk budget. If you're running this in a VM you control and it's only you running your own prompts on it, maybe it's "good enough". If on the other hand, you want to sell this service to others who will attack your infrastructure, then no - it's not even close to be enough.

Your question is a bit vague because it doesn't explain what "best way" means for you. Cheap, secure, implementable by a person over a weekend?

fragmede 5 days ago | parent | next [-]

The answer, I think, is to push running the VM back onto the user, and build on top of Fabrice's JS Linux and run the sandbox on the user's machine. That way at the very worst they can escape and steal their own cookies from the browser process the VM is running on/in.

achierius 5 days ago | parent | prev [-]

> premise is a bit naive - it assumes that deno's WASM VM doesn't have exploits, that pyodide doesn't have bugs,

Eh, I wouldn't call this naive. Two points:

1. Pyodide bugs should not be a huge concern here. As long as your python code is executing on top of a JS runtime, the runtime is what matters first and foremost from a security pov.

2. Yes, it's possible for Deno to have bugs. But frankly: it's much less likely to than most any other method for doing this sort of sandboxing. Deno sits on v8, which is the engine used by Chrome, and there are very few applications in the world which have a closer eye and larger dedicated security budget than Chrome. V8 can have bugs, sure, but I would expect they (along with JSC and maybe SpiderMonkey) will have far fewer than any other runtime for a serious dynamic language on the market today.

Yes, a VM would be better (and frankly, when you're talking about running Python on top of a JS runtime, might not even be less performance), but the reason why is not that they "have fewer bugs".