vmg-dev
Do elixir processes provide similar isolation as os processes? (I'm trying to understand the risk of a sandbox escape from a v8 isolate)
As the title says, I want to run untrusted code in a v8 isolate and I’m wondering if elixir processes provide similar isolation as os processes. One of the risks with v8 sandbox escapes is that they will have access to shared process memory. My understanding of elixir processes is that they don’t share memory so my assumption is a sandbox escape would not have a similar blast radius? If I were to combine elixir process with seccomp filters would I be fine?
Marked As Solved
D4no0
Rustler uses NIFs by default. All the NIFs are being called from schedulers processes that are running usually on each OS thread. There is no possible isolation, as elixir processes are application level abstraction, the VM is a program written in C that executes code.
This can be done easily by making your rust application as a CLI and run it alongside your elixir app. You can take a look at Port for examples.
Also Liked
vmg-dev
Got it, thanks for the help.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









