LunarML icon indicating copy to clipboard operation
LunarML copied to clipboard
verified publisher icon minoki

application level SML/Lua/OpenResty sandboxing and vhosts (feature request or a pointer where to look)

Open mnegovanovic opened this issue 8 months ago • 3 comments

Hi minoki

what i want to do is have vhost like environment in openresty where each request is executed in standalone mode with restricted (filesystem, OS, ngx) access to resources. Openresty does good job of isolating requests, its about restricting the access to resources.

What i figured out so far:

  1. on lua side setfenv ... restrict access to io., os. etc. (there is a whole list of safe/unsafe Lua calls on the web)
  2. SML side ... tweak LunarML compiler and basis to restrict access to TextIO, OS, or Posix etc. (GROK supplied analysis i need to investigate properly)

Now my question ... how hard would be to implement SML part ... tweaks to LunarML needed to support sandboxing. Ideally I would just supply a flag --sandbox to compiler and it all works.

Any pointers regarding implementing this? I would not mind working on this myself.

Regards

mnegovanovic avatar Jun 21 '25 05:06 mnegovanovic

... whats probably not clear ... hosted env, compilation of SML functions on demand and deployment. (why I want to restrict at SML compiler level)

mnegovanovic avatar Jun 21 '25 07:06 mnegovanovic

I don't quite get what functionality is needed... You mean the restriction on the Lua side is not enough? Maybe some part of ML code need to access the io, os, etc? Some pseudo-code might be helpful.

Supporting OpenResty is definitely interesting. Maybe I should learn to use it.

minoki avatar Jun 24 '25 12:06 minoki

http://lua-users.org/wiki/SandBoxes https://www.lua.org/pil/14.3.html

that's lua ... and its fine, i will do that probably.

On compiler side ... --sandbox flag that makes compiler error out if user is requesting access to system resources (file system primarily but actually i would not mind looking at source code and marking functions safe/unsafe ... this would probably be in the basis). Compiler changes to support whole sand-boxing idea (this i don't know, i need pointers).

Idea is to have hosted SML functions ... the way Lua is dynamic allows to do interesting things in openresty. Its possible already to do vhost-ing ... AWS Lamda like functionality is not straightforward but its doable. Iam thinking about the use-case where you hook up Amazon API Gateway with Lamdas and serve HTTP. OpenResty can serve lots of things, but HTTP and websockets are important.

How it would work from development cycle side ... there will be SDK to develop locally, and upload to the "cloud", but you upload SML source code that now gets compiled by our enhanced lunarml --sandbox --luajit --lib that simply refuses to compile if access to file system for example is requested. Thats what I am thinking about at the moment.

Basically ... we have openresty SML/Lua application already running on the cluster of servers ... new SML code is uploaded, compiled and loaded at runtime .... and then hosted at '/username/function_name'. I didn't yet consider "ergonomic" of how it will look like exactly. But its a SML function that can accept (or knows where to find) allowed resources (DB, redis, memcached, etc) and has all other access restricted.

I need to carefully consider the implications of restricting access, just in case we don't shoot ourselves in the foot and have something which is not workable.

Let me know if this makes sense.

mnegovanovic avatar Jun 24 '25 13:06 mnegovanovic