Gotcha, I hadn’t factored those capabilities into the concept of sandbox, but I can see why they would be important features.

I will admit I don’t really understand why the library that wraps v8 requires a security team in your view, given that v8 itself definitely has one. I’m trying to understand what you see as the dangerous piece of such code likely to lead to exploits. I’m probably missing something, but I fail to see where the complexity lies.





The biggest one is I don't want someone submitting malicious (or just poorly designed) code that crashes my server - hence the focus on memory and CPU limits.

I also need to limit filesystem access - don't want them stealing private files from elsewhere on the system, or filling the disk with garbage data (again causing a crash).

Network access restrictions are important too - I don't want my server becoming part of some DDoS attack, or an attacker using it to hit supposedly safe internal endpoints (SSRF).
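The three controls listed in the comment above (memory/CPU limits, filesystem restrictions, and blocking SSRF to internal endpoints) as an added example, not code from the thread or from any particular v8 wrapper. It assumes a Unix host process that launches untrusted code in a child process; the function names (`run_limited`, `path_allowed`, `is_public_address`, `resolve_public_target`) and the sample inputs are this example's own.

```python
"""Host-side sandbox controls (added example, hypothetical helper names).

1. run_limited       - kernel-enforced CPU / memory / file-size caps on a child,
                       so runaway code fails in the child, not in the server.
2. path_allowed      - confine any path the untrusted code may touch to one root.
3. is_public_address - SSRF guard: refuse loopback, private, link-local and
                       other non-public destinations before connecting.
"""
import ipaddress
import os
import resource
import socket
import subprocess
import sys

PYTHON = sys.executable  # used for the demo child below


def _apply_child_limits(cpu_seconds, memory_bytes, file_bytes):
    """Runs in the forked child just before exec (preexec_fn)."""
    for res, wanted in ((resource.RLIMIT_CPU, cpu_seconds),      # SIGXCPU/SIGKILL on overrun
                        (resource.RLIMIT_AS, memory_bytes),       # allocations fail past this
                        (resource.RLIMIT_FSIZE, file_bytes)):     # caps disk-fill attempts
        _soft, hard = resource.getrlimit(res)
        # never try to raise above an existing hard cap; that would fail in the child
        limit = wanted if hard == resource.RLIM_INFINITY else min(wanted, hard)
        resource.setrlimit(res, (limit, limit))


def run_limited(argv, cpu_seconds=1, memory_bytes=512 * 2**20,
                file_bytes=8 * 2**20, wall_seconds=10):
    """Run argv under hard caps. Returns (outcome, stdout) with outcome one of
    'ok', 'error' (non-zero exit), 'killed' (signal, e.g. CPU cap), 'wall_timeout'."""
    try:
        proc = subprocess.run(
            argv, capture_output=True, timeout=wall_seconds,
            preexec_fn=lambda: _apply_child_limits(cpu_seconds, memory_bytes, file_bytes))
    except subprocess.TimeoutExpired:  # wall-clock cap for code that sleeps rather than spins
        return "wall_timeout", b""
    if proc.returncode == 0:
        return "ok", proc.stdout
    if proc.returncode < 0:  # negative return code == terminated by a signal
        return "killed", proc.stdout
    return "error", proc.stdout


def path_allowed(candidate, allowed_root):
    """True only if candidate (relative or absolute) resolves inside allowed_root.
    realpath follows symlinks and collapses '..', so links or traversal that
    escape the root are rejected; an absolute candidate replaces the join."""
    root = os.path.realpath(allowed_root)
    target = os.path.realpath(os.path.join(root, candidate))
    return os.path.commonpath([root, target]) == root


def is_public_address(ip_text):
    """Reject anything that is not a globally routable unicast address."""
    ip = ipaddress.ip_address(ip_text)
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:127.0.0.1 is loopback in disguise
    if mapped is not None:
        ip = mapped
    return ip.is_global and not (ip.is_private or ip.is_loopback or ip.is_link_local
                                 or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def resolve_public_target(host, port=443, resolver=socket.getaddrinfo):
    """Resolve once, vet every answer, return the vetted literal addresses.
    Connect to these literals, not to the hostname again, so a second lookup
    cannot swap in an internal address after the check (DNS rebinding)."""
    infos = resolver(host, port, type=socket.SOCK_STREAM)
    addrs = [info[4][0] for info in infos]
    if not addrs or not all(is_public_address(a) for a in addrs):
        raise ValueError(f"refusing to reach {host}: resolves to non-public address(es) {addrs}")
    return addrs


if __name__ == "__main__":
    # constructed demo inputs
    print(run_limited([PYTHON, "-c", "print('hello from the child')"]))
    print(run_limited([PYTHON, "-c", "x = bytearray(4 * 1024**3)"]))   # memory cap -> 'error'
    print(run_limited([PYTHON, "-c", "while True: pass"]))              # CPU cap -> 'killed'
    print(path_allowed("data/in.txt", "/srv/sandbox"), path_allowed("../../etc/passwd", "/srv/sandbox"))
    for a in ("8.8.8.8", "10.0.0.1", "169.254.169.254", "::ffff:127.0.0.1"):
        print(a, is_public_address(a))
```

The rlimits are a host-process safety net; a v8 wrapper would additionally use the engine's own heap-size and interrupt facilities for the isolate itself. Note that `RLIMIT_AS` is per process, so the wall-clock timeout and a process-count cap on the child are what stop code that tries to spread the work across many children.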



