Skip to the content.
« Protecting sensitive data

Sandboxing untrusted code





The BEAM runtime has very little support for access control between running processes: code that runs somewhere in a BEAM instance has almost unlimited access to the VM and the interface to the host on which it runs. Moreover, a process on a node in a distributed Erlang cluster has the same level of access to the other nodes as well.

It is therefore not possible to isolate ‘untrusted’ processes in some sort of sandbox. If there is a need to allow untrusted parties, such as users of the application, to customize an application’s behaviour, use a dedicated runtime as a sandbox for untrusted code. The Lua language in particular was designed with this use-case in mind, and various Erlang/Elixir bindings exist.

Next: Preventing timing attacks »