Hi everyone! I’ve been lately working on the launching of the Online Elixir Console application, so I want now to share with the community my feelings and ideas around this project.
This website aims to be a mirror of iex on the internet, although we still have several features to implement to be comparable with this tool. I think that it is imperative to provide a way for people coming from other languages to try out Elixir without installation requirements. By the way, it is another example of an application built with Phoenix LiveView.
At the heart of the project, I’ve been playing with the idea of running Elixir from unknown users relying on a pure-Elixir solution. This solution is, of course, a controversial idea. I had conversations with some people who think that it is a hazardous approach, and I empathize with that feeling to some extent. I’m not explicit here about the security implications of this project because I already wrote about them in the README of the project. Please take a look at it if you find this topic interesting.
Why stick to a pure-Elixir solution?
Let’s first mention the alternative for an online application that accepts Elixir code from users and executes it. We could have a setup where the system spawns a dedicated node for each user and keeps it around while the session is alive. The user could send subsequent commands, and the backend routes them to the isolated node, where any resource abuse is limited. Limiting some parts of Elixir/Erlang is easier on a per-node basis.
While this solution is more complicated on the infrastructure side, it is feasible and easier to reason about from a security point of view. However, it is still my interest to explore further “how much Elixir” can be run with a solution that is more accessible for others. If we can achieve that with a pure-Elixir solution, an Elixir package can include a reusable solution for this purpose.
Do I think it is possible to run Elixir code securely in this way? Well, I’m not 100% sure yet. I’m not saying that the deployed Elixir Web Console has known security issues. It does not have any that I’m aware of at the time of writing this. I’m kind of confident with what we have now. At the same time, I’m still waiting for more people using it to have a more solid opinion on the matter. I’m also aware that there are exciting aspects of Elixir that are not currently supported because it would require extra work and research to make it safe.
So, for me, this idea of implementing this so-called “Elixir Sandbox” is a research initiative. Let’s see how far it goes.
How is it going so far?
How is the application doing after its release, in terms of stability, security, and so on? Well, the first day, we had a few incidents and security reports, but I was able to solve all these issues during the week. After that point, the application was up and running. We could still see some attempts to break it in the logs, but this is not intrinsically evil. We think that the curiosity about the security of all this stuff motivated early users to try to prove how good the solution is, and it’s helping us with the research after all. Keep doing it, folks!
Among other existing functional issues that we still have to fix, we plan to add more capabilities (read the README to know the roadmap better). I’m confident about the chances to keep doing it well with a pure-Elixir solution. However, if we notice this is not possible or inconvenient, we will take the approach where the execution of the user code happens in an isolated node.
Regarding the current implementation side of this project, I would like to spend more time trying out some stuff that I learned recently. I’m pretty sure some parts of the code are more complicated than needed, but changes have to be done with caution since our app is already live :D. I can discuss these ideas in this thread if interest exists.
Your feedback is welcome!
If you want to know a little more about the Online Elixir Console and the “Sandboxed Elixir” thing, please take a look at the documentation in the project repository.
I would love to spark a conversation here about the limitations, the implementation, and the future roadmap, so please ask if you have questions. Comments or additional thoughts are more than welcome.