
End-user scripting


I'd like to provide end-user scripting (that would run server-side) in an application. I've been reading around, and found that sandboxing is much more of a problem than I thought.

I don't really care what the language is. Lua, Python, JavaScript, I'm fine with anything readable.

How hard is it to run a function in an untrusted script, passing in some information and obtaining some more? I've read JVM Security Manager is a no-go and that Python is nearly unsandboxable, but I have very little knowledge on the topic and can't really judge the sources.

How can I, for example, interpret a function in JS that takes a JSON (from, say, Java, or Python, or even node.js), and get back the returned JSON?

I'd like to avoid implementing a pythonish i-just-know-it-will-suck language interpreter myself.


Solution

  • Lua has good sandboxing capabilities and is clean and simple.

    It has the setfenv() function that can run code in a specific environment. The untrusted code can only access what is in the specific environment.
    For C functions, such as string.rep, you can prevent memory over-consumption by replacing them with Lua functions or providing a custom memory allocator to lua_newstate.

    Also, if you decide that you wish to use Lua for trusted code and have it interface with untrusted code, you can use coroutines and debug.sethook to control CPU usage.

    The Lua Wiki has a simple example sandbox.
    The source code of the lua live demo might be of interest, too.
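The following is an added example (not part of the answer above, nor code from the Lua Wiki sandbox it links to) that puts the three pieces of the answer together in Lua 5.1: a whitelist environment applied with `setfenv()`, `string.rep` replaced by a bounded Lua function, and a coroutine whose instruction count is capped with `debug.sethook`. The function names (`make_env`, `run_untrusted`), the instruction budget and the sample scripts are all choices made for this illustration. Data crosses the boundary as Lua tables; decoding the caller's JSON into a table and encoding the result back is left to the host side, and the `lua_newstate` allocator limit the answer mentions lives in the embedding C code, not in a script.

```lua
-- Added example (assumed Lua 5.1, where setfenv() exists; on 5.2+ use
-- load(code, name, "t", env) instead).

-- 1. Bound a C library function that can eat memory, as the answer suggests,
--    by replacing it with a Lua wrapper. This replaces the global so that the
--    string metatable ("x"):rep(n) is covered too, not just env.string.rep.
local MAX_REP_BYTES = 64 * 1024           -- assumed limit for this example
local raw_rep = string.rep
string.rep = function(s, n)
  if (#s * n) > MAX_REP_BYTES then error("string.rep: result too large", 2) end
  return raw_rep(s, n)
end

-- 2. Whitelist environment: only pure, side-effect-free functions. Nothing here
--    reaches io, os, require, loadstring, debug, getfenv/setfenv or rawset.
local function make_env()
  return {
    pairs = pairs, ipairs = ipairs, next = next, type = type,
    tostring = tostring, tonumber = tonumber, unpack = unpack,
    select = select, pcall = pcall, error = error,
    string = { len = string.len, sub = string.sub, upper = string.upper,
               lower = string.lower, format = string.format, rep = string.rep },
    table  = { insert = table.insert, remove = table.remove,
               concat = table.concat, sort = table.sort },
    math   = { floor = math.floor, max = math.max, min = math.min, abs = math.abs },
  }
end

-- 3. Run an untrusted chunk that returns a function, call it on `input`, and
--    abort it after `max_instructions` VM instructions. Returns ok, result_or_error.
local function run_untrusted(code, input, max_instructions)
  local chunk, err = loadstring(code, "=untrusted")
  if not chunk then return false, err end
  setfenv(chunk, make_env())              -- global lookups now resolve in our env only

  local co = coroutine.create(function()
    local fn = chunk()                    -- the chunk returns the user's function
    return fn(input)
  end)
  -- Count hook: fires once after max_instructions; raising an error inside the
  -- hook kills the coroutine, so coroutine.resume returns false plus the message.
  debug.sethook(co, function() error("instruction budget exceeded", 2) end,
                "", max_instructions)
  local ok, result = coroutine.resume(co)
  debug.sethook(co)                       -- clear the hook again
  return ok, result
end

-- Constructed sample scripts, as an end user might submit them.
local good_script = [[
  return function(req)
    local out = {}
    for _, name in ipairs(req.names) do
      table.insert(out, string.upper(name))
    end
    return { count = #out, names = out }
  end
]]
local spinning_script = "return function() while true do end end"
local escaping_script = "return function() return os.getenv('HOME') end"
local hungry_script   = "return function() return #string.rep('x', 1e9) end"

print(run_untrusted(good_script, { names = { "alice", "bob" } }, 100000))
print(run_untrusted(spinning_script, {}, 100000))
print(run_untrusted(escaping_script, {}, 100000))
print(run_untrusted(hungry_script, {}, 100000))
```

The first call succeeds and returns the result table; the second is stopped by the instruction hook; the third fails because `os` is simply `nil` inside the whitelist environment; the fourth is rejected by the bounded `string.rep` wrapper. Two things to keep in mind when adapting this: the instruction budget caps CPU but only loosely bounds memory (a loop appending to a table still allocates on every iteration), so the allocator limit on `lua_newstate` is the real memory control; and anything you put into the environment table, including any table you pass as `input`, is reachable and mutable by the script, so hand in copies rather than live host data.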