Given this code:
    // "byte" stands for an unsigned 8-bit type here
    typedef unsigned char byte;

    class module {
    public:
        virtual void run(void (*callback)(int)) = 0;
        byte* memory;
    };

    // returns a concrete implementation of the abstract module
    module* loadSomeUntrustedModule();

    int main() {
        module* m1 = loadSomeUntrustedModule();
        module* m2 = loadSomeUntrustedModule();
        m1->memory[31] = 5;
        //m1->run(callback); //?
        return m1->memory[32];
    }
I want to execute run in module so that it cannot access code outside of itself, isolating it with its own private memory space, only accessible from the main process. Safe from memory leaks, and potentially from malicious code. The code does not need access to anything but its own memory. I intend for this code to be cross-platform, compiling and running for Linux, Windows, Mac, Android, etc.
It's a rather simple question: how do I run sandboxed/protected code in C++ with the requirements talked about above? But one much more complicated to answer, I would assume. One that I would assume to contain assembly.
I don't think there's a cross-platform solution available to load a module into the same process (moreover, we don't have cross-platform modules yet).
A more-or-less portable solution would be to create another process and use cross-process communication. It is still different for different OSes, but cross-platform wrappers do exist.
One known implementation is the Google Chrome sandbox. On Windows it creates sub-processes, reduces their access tokens to the very minimum and hooks their file I/O system APIs to forward data through pipes to the parent process. A good sandbox is that hard...
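The process-per-module approach described in this answer, as an added illustration. This is example code added here; it is not from the original post and not Chrome's sandbox code. It is POSIX-only (fork, pipe, setrlimit), so on its own it does not meet the question's cross-platform requirement; the resource limits are a minimal stand-in for the token reduction mentioned above, and the module signature, the two module functions and the buffer sizes are assumptions made for the example.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
#include <vector>

// Assumed signature of an "untrusted module" entry point for this example: it
// receives a private memory region and its size, and hands back one integer.
using ModuleFn = int (*)(unsigned char* memory, std::size_t size);

struct SandboxResult {
    bool ok;            // child exited cleanly and delivered a result
    int value;          // the module's return value when ok
    int signal;         // terminating signal when the module crashed, else 0
    std::string error;  // human-readable failure description when !ok
};

// Lower a POSIX resource limit to zero; the child can never raise it again.
static void drop_limit(int resource) {
    struct rlimit zero;
    zero.rlim_cur = 0;
    zero.rlim_max = 0;
    setrlimit(resource, &zero);
}

// Run `fn` in a forked child. The child owns a fresh, zeroed buffer that the
// parent never touches; the only channel back is one pipe carrying the result.
SandboxResult run_isolated(ModuleFn fn, std::size_t memory_size) {
    int fds[2];
    if (pipe(fds) != 0) {
        return {false, 0, 0, std::string("pipe: ") + std::strerror(errno)};
    }
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return {false, 0, 0, std::string("fork: ") + std::strerror(errno)};
    }
    if (pid == 0) {
        // --- child: the sandboxed side ---
        close(fds[0]);            // read end belongs to the parent
        drop_limit(RLIMIT_NPROC); // cannot fork further processes
        drop_limit(RLIMIT_FSIZE); // cannot write regular files (pipes unaffected)
        drop_limit(RLIMIT_CORE);  // no core dump leaking the private memory
        std::vector<unsigned char> memory(memory_size, 0);
        int result = fn(memory.data(), memory.size());
        ssize_t n = write(fds[1], &result, sizeof result);
        _exit(n == static_cast<ssize_t>(sizeof result) ? 0 : 1);
    }
    // --- parent: the trusted side ---
    close(fds[1]);  // close our write end, or read() would never see EOF
    int value = 0;
    ssize_t n = read(fds[0], &value, sizeof value);
    close(fds[0]);
    int status = 0;
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR) {
    }
    if (WIFSIGNALED(status)) {
        return {false, 0, WTERMSIG(status), "module crashed with a signal"};
    }
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0 ||
        n != static_cast<ssize_t>(sizeof value)) {
        return {false, 0, 0, "module exited without delivering a result"};
    }
    return {true, value, 0, ""};
}

// Hypothetical well-behaved module, mirroring the question: touch bytes 31
// and 32 of its private memory and report one of them.
int well_behaved(unsigned char* memory, std::size_t size) {
    if (size < 33) return -1;
    memory[31] = 5;
    memory[32] = static_cast<unsigned char>(memory[31] * 2);
    return memory[32];
}

// Hypothetical misbehaving module: a wild read through a null pointer. In the
// child this raises a fatal signal; the parent only sees a failed result.
int crashing(unsigned char*, std::size_t) {
    volatile std::uintptr_t addr = 0;  // volatile keeps the compiler from folding it
    return *reinterpret_cast<volatile int*>(addr);
}

int main() {
    SandboxResult good = run_isolated(well_behaved, 64);
    std::printf("well_behaved: ok=%d value=%d\n", good.ok, good.value);
    SandboxResult bad = run_isolated(crashing, 64);
    std::printf("crashing: ok=%d signal=%d (%s)\n", bad.ok, bad.signal, bad.error.c_str());
    return (good.ok && !bad.ok) ? 0 : 1;
}
```

The point the parent/child split buys is visible in the second call: the module's null dereference kills only the child, and main() receives a SandboxResult with a signal number instead of dying itself. Resource limits alone do not stop a malicious module from opening files or sockets it can already reach; a production sandbox adds OS-specific syscall and token restrictions, which is exactly the per-OS work the answer warns about.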