The Sockets library does a lot of Security checking, i.e. Is the SafeLevel too high for this action. It may be helpful to be able to specify this kind of thing as an attribute on the method. Something like: [RubyMethod("getsockopt")] [RubySafeLevel(2)] public static MutableString GetSocketOption(CodeContext/*!*/ context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) { Rather than: [RubyMethod("getsockopt")] public static MutableString GetSocketOption(CodeContext/*!*/ context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) { Protocols.CheckSafeLevel(context, 2, "getsockopt"); ... } Or maybe even more cleverly integrate it into the .NET security permissions attributes. What do you think? Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ironruby-core/attachments/20080406/b2a80880/attachment.html
We don''t care about safe level now, so you can just ignore it. I doubt it is necessary to implement this feature at all. IronRuby doesn''t contain any unsafe code. Hence CLR checks are always present regardless of what we check, so your code cannot do anything that is disallowed by CLR security system. We can only disable Ruby calls to some methods. And that would be a real security restriction only in a mode that would disable all .NET calls, because otherwise you could always call your C# code that performs the call. Tomas From: ironruby-core-bounces at rubyforge.org [mailto:ironruby-core-bounces at rubyforge.org] On Behalf Of Peter Bacon Darwin Sent: Sunday, April 06, 2008 6:47 AM To: ironruby-core at rubyforge.org Subject: [Ironruby-core] Safe Level checking The Sockets library does a lot of Security checking, i.e. Is the SafeLevel too high for this action. It may be helpful to be able to specify this kind of thing as an attribute on the method. Something like: [RubyMethod("getsockopt")] [RubySafeLevel(2)] public static MutableString GetSocketOption(CodeContext/*!*/ context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) { Rather than: [RubyMethod("getsockopt")] public static MutableString GetSocketOption(CodeContext/*!*/ context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) { Protocols.CheckSafeLevel(context, 2, "getsockopt"); ... } Or maybe even more cleverly integrate it into the .NET security permissions attributes. What do you think? Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ironruby-core/attachments/20080406/07a9cec1/attachment-0001.html
OK that makes sense. Does it apply to tainting objects too? Pete From: ironruby-core-bounces at rubyforge.org [mailto:ironruby-core-bounces at rubyforge.org] On Behalf Of Tomas Matousek Sent: Sunday,06 April 06, 2008 17:25 To: ironruby-core at rubyforge.org Subject: Re: [Ironruby-core] Safe Level checking We don''t care about safe level now, so you can just ignore it. I doubt it is necessary to implement this feature at all. IronRuby doesn''t contain any unsafe code. Hence CLR checks are always present regardless of what we check, so your code cannot do anything that is disallowed by CLR security system. We can only disable Ruby calls to some methods. And that would be a real security restriction only in a mode that would disable all .NET calls, because otherwise you could always call your C# code that performs the call. Tomas From: ironruby-core-bounces at rubyforge.org [mailto:ironruby-core-bounces at rubyforge.org] On Behalf Of Peter Bacon Darwin Sent: Sunday, April 06, 2008 6:47 AM To: ironruby-core at rubyforge.org Subject: [Ironruby-core] Safe Level checking The Sockets library does a lot of Security checking, i.e. Is the SafeLevel too high for this action. It may be helpful to be able to specify this kind of thing as an attribute on the method. Something like: [RubyMethod("getsockopt")] [RubySafeLevel(2)] public static MutableString GetSocketOption(CodeContext/*!*/ context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) { Rather than: [RubyMethod("getsockopt")] public static MutableString GetSocketOption(CodeContext/*!*/ context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) { Protocols.CheckSafeLevel(context, 2, "getsockopt"); ... } Or maybe even more cleverly integrate it into the .NET security permissions attributes. What do you think? Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ironruby-core/attachments/20080406/57964f5b/attachment.html
We need to respect tainting because tons of specs test for correct behavior. - John Sent from my phone ________________________________ From: Peter Bacon Darwin <bacondarwin at googlemail.com> Sent: Sunday, April 06, 2008 11:13 AM To: ironruby-core at rubyforge.org <ironruby-core at rubyforge.org> Subject: Re: [Ironruby-core] Safe Level checking OK that makes sense. Does it apply to tainting objects too? Pete From: ironruby-core-bounces at rubyforge.org [mailto:ironruby-core-bounces at rubyforge.org] On Behalf Of Tomas Matousek Sent: Sunday,06 April 06, 2008 17:25 To: ironruby-core at rubyforge.org Subject: Re: [Ironruby-core] Safe Level checking We don?t care about safe level now, so you can just ignore it. I doubt it is necessary to implement this feature at all. IronRuby doesn?t contain any unsafe code. Hence CLR checks are always present regardless of what we check, so your code cannot do anything that is disallowed by CLR security system. We can only disable Ruby calls to some methods. And that would be a real security restriction only in a mode that would disable all .NET calls, because otherwise you could always call your C# code that performs the call. Tomas From: ironruby-core-bounces at rubyforge.org [mailto:ironruby-core-bounces at rubyforge.org] On Behalf Of Peter Bacon Darwin Sent: Sunday, April 06, 2008 6:47 AM To: ironruby-core at rubyforge.org Subject: [Ironruby-core] Safe Level checking The Sockets library does a lot of Security checking, i.e. Is the SafeLevel too high for this action. It may be helpful to be able to specify this kind of thing as an attribute on the method. Something like: [RubyMethod("getsockopt")] [RubySafeLevel(2)] public static MutableString GetSocketOption(CodeContext/*!*/ context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) { Rather than: [RubyMethod("getsockopt")] public static MutableString GetSocketOption(CodeContext/*!*/ context, RubyBasicSocket/*!*/ self, object/*Numeric*/ level, object/*Numeric*/ optname) { Protocols.CheckSafeLevel(context, 2, "getsockopt"); ... } Or maybe even more cleverly integrate it into the .NET security permissions attributes. What do you think? Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ironruby-core/attachments/20080406/72a27389/attachment.html