3

Actually, I am doing sandboxing through a child process. I am using the vm.runInContext method to run scripts. I am passing code to the child process using child.stdin.write and receiving it in the child using stdin.on('data' function())... Now what I want is that the script can access some Node.js objects or user-defined objects through a context, and that context will be passed to the child process dynamically, and it will run the sandbox in that context. Currently I am creating the context object in the child process, but I don't want that; I want to pass the context object to the child process.

3 Answers

4

Consider what you're asking. You would have to serialize not only the current execution context, but all other upstream contexts, the entire global namespace, file descriptors...

In other words, this would be an insane amount of work, and you can't. :-)

What you can do is serialize data and send that back and forth over the stdout/stdin handles. That's how this problem is typically solved.

Hope that helps.


1

In general you can't really do this sort of thing, as basically you are trying to share data (i.e. memory) across processes, which is a big no-no.

But using nowjs can get you pretty close. Check out nowjs and hook all of your processes up to it.

2 Comments

So the only approach left is to use vm.runInContext in the same process, which is quite risky.

That's the only way, I think, which allows me to run a script in a specific sandbox.

0

Running objects in another context using vm.runInContext makes sense only within one process, so that code in the context can be isolated from other code in the same process. When you use child processes, each of them already has its own context, which is independent of the parent process's context. It's not clear what exactly you need. Do you want to transfer some context from the parent process to the child? Or do you want to execute some code in the child process in a context that is isolated from other code in this child? I think you should just fork a dedicated child process specially for the code that should be sandboxed (even without using the vm module) and pass it data to handle. If you have problems transferring some types, like BigInt or typed arrays, just use { serialization: 'advanced' } and exchange data between parent and child using the send method and the 'message' event, instead of transferring data by writing to stdin:

parent.js:

// note: this context isolated from child
const { fork } = require('child_process')

const subProcess = fork('./child.js', [], {
  serialization: 'advanced'
})

subProcess.send({
  a: 123n,
  b: Buffer.from([1,2,3]),
  c: Int32Array.from([3,2,1])
})

subProcess.on('message', msg => console.log('parent:', msg))

child.js:

// note: this context isolated from parent
process.on('message', msg => {
  console.log('child:', msg)
  process.send('catch it!')
})
