Hello,

Here is what I've done to achieve this but I'd really like to know if this
is the right method.  It gets really confusing when it comes to TrustLevel
and assembly permissions.

From my basic tests I was unable to access any resources from the computer,
not even the file system.

Pascal Normandin

        // Requires: using System; using System.Security;
        //           using System.Security.Permissions;
        //           using Microsoft.Scripting.Hosting; using IronRuby;
        protected static ScriptRuntime CreateIronRubyRuntime(bool runInSandBox)
        {
            // Setup the ruby engine in a Sandbox
            var rubySetup = Ruby.CreateRubySetup();

            rubySetup.Options["InterpretedMode"] = true;

            var runtimeSetup = new ScriptRuntimeSetup();
            runtimeSetup.LanguageSetups.Add(rubySetup);
            runtimeSetup.DebugMode = false;

            ScriptRuntime runtime;
            if (runInSandBox)
            {
                // Create AppDomain Info
                AppDomainSetup info = new AppDomainSetup();
                info.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory + "\\bin";
                info.ApplicationName = "IRPlugin";

                // Set permissions: start from an empty set and grant only
                // SecurityPermission (no file, network or registry permissions)
                PermissionSet ps1 = new PermissionSet(PermissionState.None);
                SecurityPermissionFlag flag =
                    SecurityPermissionFlag.SkipVerification |
                    SecurityPermissionFlag.Execution |
                    SecurityPermissionFlag.ControlAppDomain;
                ps1.AddPermission(new SecurityPermission(flag));

                // Create the AppDomain (no evidence, no full-trust assemblies listed)
                AppDomain newDomain =
                    AppDomain.CreateDomain("IRPluginDomain", null, info, ps1);

                // Host the script runtime inside the restricted AppDomain
                runtime = ScriptRuntime.CreateRemote(newDomain, runtimeSetup);
            }
            else
            {
                // Unsandboxed: runtime runs in the current AppDomain
                runtime = Ruby.CreateRuntime(runtimeSetup);
            }

            return runtime;
        }

From: [email protected]
[mailto:[email protected]] On Behalf Of Thibaut Barrère
Sent: February-08-10 3:46 AM
To: [email protected]
Subject: Re: [Ironruby-core] Create pseudo sandbox for hosted IronRuby script

> I have a multi-user VoIP application that allows users to execute
> IronRuby scripts for their call dial plans. I'm looking to restrict what
> the IronRuby scripts are allowed to do to protect the server in case a
> nasty user should decide to try and cause some damage.

This kind of "blank-slate" approach would be useful to me too.

Is that something that can be achieved using isolated scopes?

-- Thibaut


_______________________________________________
Ironruby-core mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/ironruby-core
