Q: Is there a way to sandbox a Go program?
A: Yes. See GAE w/ Go or play.golang.org.
How is this done?
In my particular case I'd like to allow untrusted extensions written in Go. I imagine the Go Playground is exactly what I'd need. Is it open source? Or is there at least some documentation on how to build a similar service?
code.google.com/p/go-playground is the source for the Go Playground editor. But the sandbox is hidden behind a POST to http://golang.org/compile?output=json.
According to http://blog.golang.org/playground, the sandbox in the Go Playground uses NaCl to limit CPU and RAM usage. The code for it has been merged into Go version 1.3.
The playground sandboxing technology is, AFAIK, not open sourced. One of the reasons for this is, I think, that disclosing publicly the implementation details would make any attack attempts substantially easier.
I would suggest, if rolling your own sandbox, providing fake/empty/limited versions of the {unsafe,runtime,net,os,syscall} packages and disallowing GOMAXPROCS above 1. But the design must be tailored to your very definition of a sandbox. File access yes/no/restricted? Networking yes/no/restricted? etc. Last but not least, one should probably disable cgo, assembler code and probably even build tags.
Consider the above list incomplete.
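As an added example (not code from the original thread or from the Go Playground), here is a static gate implementing the checks suggested above: it parses one untrusted Go file with go/parser and reports imports of the listed packages (including their subpackages and the cgo pseudo-package "C"), build constraints, cgo and linkname directives, and assembly files. The deny list, the `Violation` type, `CheckSource` and the `sampleExtension` input are all assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"path/filepath"
	"strconv"
	"strings"
)

// deniedImports lists packages an untrusted extension may not import: the
// set named in the answer above plus "C", which switches on cgo. It is an
// assumption for this example, not a complete policy.
var deniedImports = []string{"unsafe", "runtime", "net", "os", "syscall", "C"}

// Violation is one policy breach found while checking a source file.
type Violation struct {
	Pos    token.Position
	Reason string
}

func (v Violation) String() string { return fmt.Sprintf("%s: %s", v.Pos, v.Reason) }

// CheckSource parses a single untrusted Go file and returns every policy
// violation it finds. Nothing is compiled or executed here.
func CheckSource(filename, src string) ([]Violation, error) {
	// Assembly bypasses the type system and the import policy entirely,
	// so any .s file is rejected without looking inside it.
	if filepath.Ext(filename) == ".s" {
		return []Violation{{Pos: token.Position{Filename: filename}, Reason: "assembly file not allowed"}}, nil
	}

	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, parser.ParseComments)
	if err != nil {
		return nil, err
	}

	var out []Violation
	// Build constraints and cgo directives live in comments, so scan every
	// comment before looking at the imports.
	for _, group := range f.Comments {
		for _, c := range group.List {
			text := c.Text
			switch {
			case strings.HasPrefix(text, "//go:build"), strings.HasPrefix(text, "// +build"):
				out = append(out, Violation{Pos: fset.Position(c.Pos()), Reason: "build constraint not allowed"})
			case strings.Contains(text, "#cgo"), strings.HasPrefix(text, "//go:cgo_"), strings.HasPrefix(text, "//go:linkname"):
				// #cgo lines sit inside the comment block preceding import "C";
				// //go:linkname can reach runtime internals without importing them.
				out = append(out, Violation{Pos: fset.Position(c.Pos()), Reason: "cgo or linkname directive not allowed"})
			}
		}
	}

	for _, imp := range f.Imports {
		path, err := strconv.Unquote(imp.Path.Value)
		if err != nil {
			return nil, err
		}
		for _, denied := range deniedImports {
			// Deny the package itself and all its subpackages (os/exec, net/http, ...).
			if path == denied || strings.HasPrefix(path, denied+"/") {
				out = append(out, Violation{Pos: fset.Position(imp.Pos()), Reason: "forbidden import " + path})
				break
			}
		}
	}
	return out, nil
}

// sampleExtension is a constructed untrusted extension used only to
// exercise the checker; it is not from the original thread.
const sampleExtension = `//go:build linux

package ext

/*
#cgo LDFLAGS: -lm
#include <math.h>
*/
import "C"

import (
	"fmt"
	"os/exec"
	"unsafe"
)

func Run() { fmt.Println(unsafe.Sizeof(0), exec.Command("id")) }
`

func main() {
	violations, err := CheckSource("ext.go", sampleExtension)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	for _, v := range violations {
		fmt.Println(v)
	}
}
```

This gate is only the first layer. It inspects one file, so it does not see transitive dependencies ("fmt" itself imports "os"), and a deny list never stops a package that is reachable indirectly. To actually enforce the policy you still have to build the extension against a GOROOT whose os, net and syscall packages have been replaced by the stubbed versions the answer describes, set GOMAXPROCS from the host rather than trusting the extension, and run the result under an OS-level sandbox, as the comment above says the Playground does with NaCl.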