
Security Sandbox

Following the discussion about wiki-botia:

I would like to create a sample wiki site where everyone can insert and edit bot code in ChatScript, and then let them chat with their bot.

But, of course, there is a danger that they will damage the server, for example, if they use shell commands.

How do you suggest handling this? Is there a way to run a ChatScript bot in a sandbox that does not affect the containing server?


  [ # 1 ]

Assuming we don't care if they “crash” the chatbot engine (for example, it's on a cron job to auto-restart every 5 minutes if not running), then one could disable the ^system command. I could make the engine on startup read a config file that could do that, so it's not something subject to script control. Would that be enough?


  [ # 2 ]

What do you mean by crashing the chatbot? How can a user crash the chatbot?

Is the ^system command the only command that enables the bot to access the outside world? What about ^import and ^export?



  [ # 3 ]

ChatScript has a :shutdown command that instructs the server to do just what it says. I’ve been thinking about this issue for a few days now, and all I can think of is to make that command a “super-user” command, rather than just an admin command. I’m not certain how involved that would be, though.

I can’t remember what ^import and ^export do. I’ll have to go back to the documentation and read up. I’m sure Bruce can answer that, though.


  [ # 4 ]

All of the :commands can be restricted (there is an allowedIP file that by default is set to all but can be restricted to specific IP addresses), so :shutdown is safe.
IMPORT reads from a file, but that can't damage the host computer.
EXPORT writes to a file, so that could also be restricted along with system.

CRASHING the chatbot is always possible. Find a bug and exploit it. However, the system tries to trap crash errors and recover. And when I use it as a server, I crontab auto-restarting it so it wouldn’t be down for long.


  [ # 5 ]

So, maybe there should be a server command-line argument “safe mode”, that tells it to ignore:
a. ^system
b. ^export
c. I would also disable ^import, as it might enable malicious users to read sensitive files, like /etc/passwd.
d. all : commands from non-local IP addresses
e. anything else?


  [ # 6 ]

Having trouble getting SourceForge to upload my latest version. It has a command-line parameter “sandbox” as well as your tutorial in the documentation. It ignores system and export. IMPORT is of no consequence because reading sensitive files does them no good. The IMPORT command ONLY absorbs files in “rules” format, which no files of danger will be, and it's done on the server, so no HTTP trace of data read will be visible.

Since currently you can restrict IP addresses, that probably doesn't need to be under sandbox control as well.
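To make the policy from post #5 and the shipped “sandbox” flag from post #6 concrete, here is an added example in Python (not ChatScript's own code, and not from any poster): it screens user-submitted bot code for the host-touching ^functions and gates :commands by client address the way the allowedIP file does. The allowedIP file's exact format is not shown in the thread, so the one-entry-per-line sample below is an assumption, and the `^name(` call syntax is matched with a plain regex rather than a real ChatScript parser.

```python
import ipaddress
import re

# Engine functions that can touch the host (shell, file system). Post #5 would
# ignore all three under sandbox; the flag shipped in post #6 ignores only the
# first two. Editing this set is the only change a deployer needs to make.
SANDBOXED_FUNCTIONS = {"^system", "^export", "^import"}

# Constructed sample of an allowedIP file: one address or CIDR block per line
# (assumed format; the thread does not show the real file's layout).
SAMPLE_ALLOWED_IP = """
# local admin only, plus the office LAN
127.0.0.1
::1
192.168.1.0/24
"""

CALL_PATTERN = re.compile(r"\^(\w+)\s*\(")   # matches ^name( ... )


def load_allowed_ips(text):
    """Parse allowedIP-style text into ip_network objects (single hosts become /32 or /128)."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def colon_command_allowed(client_ip, allowed_nets):
    """A ':command' such as :shutdown may only run from an allow-listed address."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in allowed_nets)   # version mismatch simply yields False


def sandbox_violations(script, sandbox=True):
    """Sandboxed ^functions used in submitted bot code, in order of appearance."""
    if not sandbox:
        return []
    return [f"^{m.group(1)}" for m in CALL_PATTERN.finditer(script)
            if f"^{m.group(1)}" in SANDBOXED_FUNCTIONS]


def screen_chat_line(text, client_ip, allowed_nets):
    """Decide how the server treats one typed line: lines starting with ':' are admin commands."""
    if text.startswith(":"):
        return "run" if colon_command_allowed(client_ip, allowed_nets) else "reject"
    return "chat"
```

A wiki front end would call `sandbox_violations` when a page is saved and refuse the save (or strip the calls) if the list is non-empty, while `screen_chat_line` sits in front of the chat endpoint.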

