Is there a sandbox mode in Elixir?

I want to know there are a good way to run elixir code in sandbox mode :slight_smile: , Haven’t check much yet, just want to get a guide or idea.

(Edited in from title: Can Elixir create something like sandbox mode. so that I can let other send elixir code compute on my system then get result but limit by my limit resource)

Theoretically by handling the compilation yourself (not as hard as you might imagine, though still not easy), however to my knowledge it has not been done yet. The easiest way to sandbox such code might be to just jail/zone it or so. A sandbox’d Erlang interpreter was being made by someone once, unsure how that went…

1 Like

There have been a couple “elixir in a web site window” projects. I think what they did was start a Docker contianer with the code and kill it after Time X if the code had not exited.

In compiled code no. The only way you can limit what gets called is by limiting which modules are available. With interpreted code you can try to limit which modules/functions are called but it is generally possible to get past if that if you are sneaky, you can build calls/code on the fly and if you have ONE thing which accepts a meta-call you are screwed.

The safest way is to run it in a separate machine and limit its access to the rest of the system.

The BEAM is not safe in that respect.

2 Likes