Securely running user's code


Question

I am looking to create an AI environment where users can submit their own code for the AI and let them compete. The language could be anything, but something easy to learn like JavaScript or Python is preferred.

Basically I see three options with a couple of variants:


  1. Make my own language, e.g. a JavaScript clone with only very basic features like variables, loops, conditionals, arrays, etc. This is a lot of work if I want to properly implement common language features.

1.1 Take an existing language and strip it to its core. Just remove lots of features from, say, Python until there is nothing left but the above (variables, conditionals, etc.). Still a lot of work, especially if I want to keep up to date with upstream (though I could also just ignore upstream).

  2. Use a language's built-in features to lock it down. I know from PHP that you can disable functions and searching around, similar solutions seem to exist for Python (with lots and lots of caveats). For this I'd need to have a good understanding of all the language's features and not miss anything.

2.1. Make a preprocessor that rejects code with dangerous stuff (preferably whitelist based). Similar to option 1, except that I only have to implement the parser and not implement all features: the preprocessor has to understand the language so that you can have variables named "eval" but not call the function named "eval". Still a lot of work, but more manageable than option 1.

2.2. Run the code in a very locked-down environment. Chroot, no unnecessary permissions... perhaps in a virtual machine or container. Something in that sense. I'd have to research how to achieve this and how to make it give me the results in a secure way, but that seems doable.

  3. Manually read through all code. Doable on a small scale or with moderators, though still tedious and error-prone (I might miss stuff like if (user.id = 0)).

The way I imagine 2.2 to work is like this: run both AIs in a virtual machine (or something) and constrain it to communicate with the host machine only (no other Internet or LAN access). Both AIs run in a separate machine and communicate with each other (well, with the playing field, and thereby they see each other's positions) through an API running on the host.

Option 2.2 seems the most doable, but also relatively hacky... I let someone's code loose in a virtualized or locked down environment, hoping that that'll keep them in while giving them free game to DoS or break out of the environment. Then again, most other options are not much better.

TL;DR: in essence my question is: how do I let people give me 'logic' for an AI (which I think is most easily done using code) and then run that without compromising the functionality of the system? There must be at least 2 AIs working on the same playing field.
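
The language-aware check described in option 2.1 above, as an added Python example that is not part of the original question: it parses a submission with the standard ast module, accepts only whitelisted node types, and tells a variable named eval apart from a call to eval. The allowed node list, ALLOWED_CALLS and check_submission are assumptions made for this example, and a static filter like this is one layer that still belongs inside an isolated process.

```python
import ast

# Assumption: a deliberately small language subset chosen for this example.
# Anything not listed (imports, attributes, def, lambda, with, try, ...) is rejected.
ALLOWED_NODES = (
    ast.Module, ast.Expr, ast.Assign, ast.AugAssign, ast.If, ast.While, ast.For,
    ast.Break, ast.Continue, ast.Pass, ast.Name, ast.Load, ast.Store,
    ast.Constant, ast.List, ast.Tuple, ast.Subscript, ast.Slice, ast.Call,
    ast.BinOp, ast.UnaryOp, ast.BoolOp, ast.Compare,
    ast.operator, ast.unaryop, ast.boolop, ast.cmpop,
)
ALLOWED_CALLS = {"len", "range", "min", "max", "abs"}  # hypothetical safe builtins


def check_submission(source):
    """Return a list of rejection reasons; an empty list means accepted."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]
    nodes = list(ast.walk(tree))
    # Names the submission itself binds (assignment targets, loop variables).
    assigned = {n.id for n in nodes
                if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Store)}
    problems = []
    for node in nodes:
        line = getattr(node, "lineno", 0)
        if not isinstance(node, ALLOWED_NODES):
            problems.append(f"line {line}: {type(node).__name__} not allowed")
        elif isinstance(node, ast.Call):
            f = node.func
            # Only direct calls to whitelisted names that were never rebound.
            if not (isinstance(f, ast.Name) and f.id in ALLOWED_CALLS
                    and f.id not in assigned):
                problems.append(f"line {line}: call target not allowed")
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Load):
            # Reading a name is fine only if the user bound it or it is whitelisted,
            # which blocks aliasing such as `f = eval`.
            if node.id not in assigned and node.id not in ALLOWED_CALLS:
                problems.append(f"line {line}: unknown name {node.id!r}")
    return problems
```
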

Recommended answer

This is really just a plugin system, so researching how others implement plugins is a good starting point. In particular, I'd look at web browsers like Chrome and Safari and their plugin systems.

A common theme in modern plugin systems is process isolation. Ideally you should run the plugin in its own process space in a sandbox. In OS X look at XPC, which is designed explicitly for this problem. On Linux (or more portably), I would probably look at NaCl (Native Client). The JVM is also designed to provide sandboxing, and offers a rich selection of languages. (That said, I don't personally consider the JVM a very strong sandbox. It's had a history of security problems.)

In general, my preference on these kinds of projects is a language-agnostic API. I most often use REST APIs (or "REST-like"). This allows the plugin to be highly restricted, while not restricting the language choice. I like simple HTTP for communications whenever possible because it has rich support in numerous languages, so it puts little restriction on the plugin. In fact, given your description, you wouldn't even have to run the plugin on your hardware (and certainly not on the main server). Making the plugins remote clients removes many potential concerns.

But ultimately, I think something like your "2.2" is the right direction.
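
An added sketch of the process-isolation idea from this answer and the question's option 2.2 (not code from the original post): the host runs each bot in its own child process with CPU, memory and process-count limits, and treats whatever the bot prints as data to validate. It assumes Linux, bots written in Python, and a constructed JSON move protocol over stdin/stdout standing in for the HTTP API; the limits address only the DoS concern, so filesystem and network confinement still needs a container or VM around it.

```python
import json
import resource
import subprocess
import sys

VALID_MOVES = {"up", "down", "left", "right"}  # assumption: constructed game protocol
MAX_REPLY = 4096                               # bytes of stdout accepted from a bot

def _cap(kind, value):
    # Lower a limit without exceeding a hard limit the host already imposes.
    hard = resource.getrlimit(kind)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))

def _limits():
    # Runs in the child between fork and exec, so it binds only the bot.
    _cap(resource.RLIMIT_CPU, 1)                # seconds of CPU time
    _cap(resource.RLIMIT_AS, 512 * 2**20)       # bytes of address space
    _cap(resource.RLIMIT_NPROC, 0)              # no new processes or threads

def ask_bot(bot_source, state, wall_timeout=3):
    """Run one turn of an untrusted bot; return a valid move or None (forfeit)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", bot_source],  # -I: ignore env and user site
            input=json.dumps(state).encode(), capture_output=True,
            timeout=wall_timeout, env={}, cwd="/", preexec_fn=_limits)
    except subprocess.TimeoutExpired:
        return None                             # e.g. a bot that sleeps forever
    if proc.returncode != 0 or len(proc.stdout) > MAX_REPLY:
        return None                             # crashed, hit a limit, or too chatty
    try:
        reply = json.loads(proc.stdout)         # bot output is data, never code
    except ValueError:
        return None
    move = reply.get("move") if isinstance(reply, dict) else None
    return move if isinstance(move, str) and move in VALID_MOVES else None

# Constructed sample bots.
GOOD_BOT = ('import sys, json\ns = json.load(sys.stdin)\n'
            'print(json.dumps({"move": "up" if s["y"] > 0 else "down"}))')
SPIN_BOT = 'while True: pass'
HOG_BOT = 'x = bytearray(10**9)\nprint(\'{"move": "up"}\')'
LIAR_BOT = 'print(\'{"move": "teleport"}\')'
```
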
