I don’t believe BEAM is built with a level of sandboxing required to run untrusted code in mind. Whenever you have a “serverless” architecture, you are allowing programmers to send functions and execute them on a virtual machine somewhere in the cloud, along with other programmers doing the same. I don’t know how technically this is done, but I suspect a strong reliance of OS-level sandboxing and one-off virtual machines, possibly keeping a pool of them already started and allowing instant execution, and then discarding them after the execution. It’s an educated guess but you can probably get to the details here: https://d1.awsstatic.com/whitepapers/Overview-AWS-Lambda-Security.pdf
Now, you could replace all that with BEAM if beam was built to do so. But it’s not. There is a lot of ways to start processes, call functions on current or remote nodes, execute code dynamically. It’s just going to be a nightmare trying to secure that environment and allow execution of untrusted code that needs to be sandboxed. A nightmare to the point of “it ain’t going to happen”, I think.
Similar thread: How to create a sandbox to run untrusted code/modules?
