[LLVMdev] Sandboxing code

Misha Brukman brukman at gmail.com
Sun Nov 15 11:24:18 PST 2009


2009/11/6 Péter Szilágyi <peterke at gmail.com>

> I'm trying to explore what LLVM can and cannot be used for. One
> thing I was wondering is whether it would be possible to execute LLVM
> code in a completely sandboxed environment? By sandboxed I mean that
> the executed code should not have direct access to any system
> resources (i.e. hard drive, networking, devices), only through some
> specific API that I would provide. The idea is to be able to execute
> random LLVM code from the internet in a completely safe way (provided
> that the specific code adheres to my libs in the first place...
> otherwise it shouldn't even compile).
>

It is not the goal of LLVM to provide or enforce program safety.

Other projects do this, either on top of the LLVM representation (e.g.,
SAFECode which John already mentioned) or on native code directly (e.g.,
Native Client: http://code.google.com/p/nativeclient/ ) -- so you'd have to
compile LLVM to native code first.

Misha