Aaron Clauson
2010-Feb-08 08:41 UTC
[Ironruby-core] Create pseudo sandbox for hosted IronRuby script
Hi,

I have a multi-user VoIP application that allows users to execute IronRuby scripts for their call dial plans. I'm looking to restrict what the IronRuby scripts are allowed to do to protect the server in case a nasty user should decide to try and cause some damage. I've restricted the process executing the scripts as much as I can but would like to go further. For example my users don't need to be able to access the file system so I'd like to disable the File and Dir Ruby standard library classes.

The approach I've looked into and that seems to work is to comment out the modules I don't want in the IronRuby.Libraries assembly and the BuiltinsLibraryInitializer.LoadModules class. Is that a reasonable approach?

Thanks,
Aaron
Thibaut Barrère
2010-Feb-08 08:45 UTC
[Ironruby-core] Create pseudo sandbox for hosted IronRuby script
> I have a multi-user VoIP application that allows users to execute
> IronRuby scripts for their call dial plans. I'm looking to restrict what
> the IronRuby scripts are allowed to do to protect the server in case a
> nasty user should decide to try and cause some damage.

This kind of "blank-slate" approach would be useful to me too. Is that something that can be achieved using isolated scopes?

-- Thibaut
Pascal Normandin
2010-Feb-08 14:25 UTC
[Ironruby-core] Create pseudo sandbox for hosted IronRuby script
Hello,

Here is what I've done to achieve this but I'd really like to know if this is the right method. It gets really confusing when it comes to TrustLevel and assembly permissions.

From my basic tests I was unable to access any resources from the computer, not even the file system.

Pascal Normandin

    using System;
    using System.Security;
    using System.Security.Permissions;
    using IronRuby;
    using Microsoft.Scripting.Hosting;

    protected static ScriptRuntime CreateIronRubyRuntime(bool runInSandBox)
    {
        // Setup the ruby engine in a Sandbox
        var rubySetup = Ruby.CreateRubySetup();
        rubySetup.Options["InterpretedMode"] = true;

        var runtimeSetup = new ScriptRuntimeSetup();
        runtimeSetup.LanguageSetups.Add(rubySetup);
        runtimeSetup.DebugMode = false;

        ScriptRuntime runtime;
        if (runInSandBox)
        {
            // Create AppDomain Info
            AppDomainSetup info = new AppDomainSetup();
            info.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory + "\\bin";
            info.ApplicationName = "IRPlugin";

            // Set permissions: start from an empty set and add only these flags
            PermissionSet ps1 = new PermissionSet(PermissionState.None);
            SecurityPermissionFlag flag = SecurityPermissionFlag.SkipVerification
                                        | SecurityPermissionFlag.Execution
                                        | SecurityPermissionFlag.ControlAppDomain;
            ps1.AddPermission(new SecurityPermission(flag));

            // Create the AppDomain with the restricted grant set
            AppDomain newDomain = AppDomain.CreateDomain("IRPluginDomain", null, info, ps1);

            // Host the script runtime inside the restricted AppDomain
            runtime = ScriptRuntime.CreateRemote(newDomain, runtimeSetup);
        }
        else
        {
            // No sandbox: the runtime lives in the current (host) AppDomain
            runtime = Ruby.CreateRuntime(runtimeSetup);
        }
        return runtime;
    }
Shri Borde
2010-Feb-08 19:06 UTC
[Ironruby-core] Create pseudo sandbox for hosted IronRuby script
You should start without IronRuby, and get a basic C# test dll sandboxed first. One less variable to worry about. The links below have some useful information.

http://msdn.microsoft.com/en-us/magazine/cc163701.aspx
http://msdn.microsoft.com/en-us/library/bb763046.aspx
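The "basic C# test sandboxed first" step suggested above could look like the following. This is an added example, not code from the thread or from the IronRuby project; the `Probe` and `SandboxDemo` names and the probed file path are hypothetical, and it assumes the .NET Framework code access security model the thread is using. It grants only `Execution`, without the `SkipVerification` and `ControlAppDomain` flags used in the snippet earlier in the thread.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical probe type: instantiated inside the sandboxed AppDomain and
// called from the host through a remoting proxy (hence MarshalByRefObject).
public class Probe : MarshalByRefObject
{
    public string TryReadFile(string path)
    {
        try
        {
            return "read " + File.ReadAllText(path).Length + " chars";
        }
        catch (SecurityException ex)
        {
            // Expected outcome: the grant set has no FileIOPermission.
            return "denied: " + ex.Message;
        }
    }
}

public static class SandboxDemo
{
    public static void Main()
    {
        // The sandbox must be able to locate the assembly that defines Probe.
        var setup = new AppDomainSetup
        {
            ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
        };

        // Empty grant set plus the single flag needed to run managed code.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        AppDomain sandbox = AppDomain.CreateDomain("ProbeSandbox", null, setup, grant);
        try
        {
            var probe = (Probe)sandbox.CreateInstanceAndUnwrap(
                typeof(Probe).Assembly.FullName, typeof(Probe).FullName);
            // Constructed sample path; any file path triggers the same demand.
            Console.WriteLine(probe.TryReadFile(@"C:\temp\probe.txt"));
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }
}
```

Once the probe reports "denied" for file access, the same grant set can be passed to the AppDomain that hosts the script runtime and the test repeated from a Ruby script, for example by calling `File.read`.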