The Sockets library does a lot of Security checking, i.e. Is the SafeLevel
too high for this action. It may be helpful to be able to specify this kind
of thing as an attribute on the method.
Something like:
[RubyMethod("getsockopt")]
[RubySafeLevel(2)]
public static MutableString GetSocketOption(CodeContext/*!*/
context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level,
object/*Numeric*/ optname) {
Rather than:
[RubyMethod("getsockopt")]
public static MutableString GetSocketOption(CodeContext/*!*/
context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level,
object/*Numeric*/ optname) {
Protocols.CheckSafeLevel(context, 2, "getsockopt");
...
}
Or maybe even more cleverly integrate it into the .NET security permissions
attributes.
What do you think?
Pete
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/ironruby-core/attachments/20080406/b2a80880/attachment.html
We don''t care about safe level now, so you can just ignore it. I doubt
it is necessary to implement this feature at all. IronRuby doesn''t
contain any unsafe code. Hence CLR checks are always present regardless of what
we check, so your code cannot do anything that is disallowed by CLR security
system. We can only disable Ruby calls to some methods. And that would be a
real security restriction only in a mode that would disable all .NET calls,
because otherwise you could always call your C# code that performs the call.
Tomas
From: ironruby-core-bounces at rubyforge.org [mailto:ironruby-core-bounces at
rubyforge.org] On Behalf Of Peter Bacon Darwin
Sent: Sunday, April 06, 2008 6:47 AM
To: ironruby-core at rubyforge.org
Subject: [Ironruby-core] Safe Level checking
The Sockets library does a lot of Security checking, i.e. Is the SafeLevel too
high for this action. It may be helpful to be able to specify this kind of thing
as an attribute on the method.
Something like:
[RubyMethod("getsockopt")]
[RubySafeLevel(2)]
public static MutableString GetSocketOption(CodeContext/*!*/ context,
RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) {
Rather than:
[RubyMethod("getsockopt")]
public static MutableString GetSocketOption(CodeContext/*!*/ context,
RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) {
Protocols.CheckSafeLevel(context, 2, "getsockopt");
...
}
Or maybe even more cleverly integrate it into the .NET security permissions
attributes.
What do you think?
Pete
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/ironruby-core/attachments/20080406/07a9cec1/attachment-0001.html
OK that makes sense. Does it apply to tainting objects too?
Pete
From: ironruby-core-bounces at rubyforge.org
[mailto:ironruby-core-bounces at rubyforge.org] On Behalf Of Tomas Matousek
Sent: Sunday,06 April 06, 2008 17:25
To: ironruby-core at rubyforge.org
Subject: Re: [Ironruby-core] Safe Level checking
We don''t care about safe level now, so you can just ignore it. I doubt
it is
necessary to implement this feature at all. IronRuby doesn''t contain
any
unsafe code. Hence CLR checks are always present regardless of what we
check, so your code cannot do anything that is disallowed by CLR security
system. We can only disable Ruby calls to some methods. And that would be a
real security restriction only in a mode that would disable all .NET calls,
because otherwise you could always call your C# code that performs the call.
Tomas
From: ironruby-core-bounces at rubyforge.org
[mailto:ironruby-core-bounces at rubyforge.org] On Behalf Of Peter Bacon Darwin
Sent: Sunday, April 06, 2008 6:47 AM
To: ironruby-core at rubyforge.org
Subject: [Ironruby-core] Safe Level checking
The Sockets library does a lot of Security checking, i.e. Is the SafeLevel
too high for this action. It may be helpful to be able to specify this kind
of thing as an attribute on the method.
Something like:
[RubyMethod("getsockopt")]
[RubySafeLevel(2)]
public static MutableString GetSocketOption(CodeContext/*!*/
context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level,
object/*Numeric*/ optname) {
Rather than:
[RubyMethod("getsockopt")]
public static MutableString GetSocketOption(CodeContext/*!*/
context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level,
object/*Numeric*/ optname) {
Protocols.CheckSafeLevel(context, 2, "getsockopt");
...
}
Or maybe even more cleverly integrate it into the .NET security permissions
attributes.
What do you think?
Pete
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/ironruby-core/attachments/20080406/57964f5b/attachment.html
We need to respect tainting because tons of specs test for correct behavior.
- John
Sent from my phone
________________________________
From: Peter Bacon Darwin <bacondarwin at googlemail.com>
Sent: Sunday, April 06, 2008 11:13 AM
To: ironruby-core at rubyforge.org <ironruby-core at rubyforge.org>
Subject: Re: [Ironruby-core] Safe Level checking
OK that makes sense. Does it apply to tainting objects too?
Pete
From: ironruby-core-bounces at rubyforge.org [mailto:ironruby-core-bounces at
rubyforge.org] On Behalf Of Tomas Matousek
Sent: Sunday,06 April 06, 2008 17:25
To: ironruby-core at rubyforge.org
Subject: Re: [Ironruby-core] Safe Level checking
We don?t care about safe level now, so you can just ignore it. I doubt it is
necessary to implement this feature at all. IronRuby doesn?t contain any unsafe
code. Hence CLR checks are always present regardless of what we check, so your
code cannot do anything that is disallowed by CLR security system. We can only
disable Ruby calls to some methods. And that would be a real security
restriction only in a mode that would disable all .NET calls, because otherwise
you could always call your C# code that performs the call.
Tomas
From: ironruby-core-bounces at rubyforge.org [mailto:ironruby-core-bounces at
rubyforge.org] On Behalf Of Peter Bacon Darwin
Sent: Sunday, April 06, 2008 6:47 AM
To: ironruby-core at rubyforge.org
Subject: [Ironruby-core] Safe Level checking
The Sockets library does a lot of Security checking, i.e. Is the SafeLevel too
high for this action. It may be helpful to be able to specify this kind of thing
as an attribute on the method.
Something like:
[RubyMethod("getsockopt")]
[RubySafeLevel(2)]
public static MutableString GetSocketOption(CodeContext/*!*/ context,
RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) {
Rather than:
[RubyMethod("getsockopt")]
public static MutableString GetSocketOption(CodeContext/*!*/ context,
RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) {
Protocols.CheckSafeLevel(context, 2, "getsockopt");
...
}
Or maybe even more cleverly integrate it into the .NET security permissions
attributes.
What do you think?
Pete
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/ironruby-core/attachments/20080406/72a27389/attachment.html