Sandbox execution (was: Re: On USE [was Re: WYSIWYG programming])
[1/2] from: rebol:svendx:dk at: 31-Oct-2000 0:27
Hello Gabriele,
On 30-Oct-00, you wrote:
> Joel Neely wrote:
>
-- snip --
> BTW, TO-BLOCK behaves differently than LOAD because it doesn't
> BIND it to system/words, leaving words without a context (thus the
> error message).
This is kind of interesting.
I remember earlier discussions on this list regarding sandbox-execution of code.
*-*- REBOL session --
## help sandbox
USAGE:
SANDBOX code words
DESCRIPTION:
Perform execution of a string with only access to selected words
SANDBOX is a function value.
ARGUMENTS:
code -- REBOL code to execute (Type: string)
words -- Block of allowed words (Type: block)
## x: 5
== 5
## test-code: "1 + ((2 * 3) / 4) + x"
== "1 + ((2 * 3) / 4) + x"
## allowed-words: [+ - * / x]
== [+ - * / x]
## sandbox test-code allowed-words
== 7.5
## source sandbox
sandbox: func [
{Perform execution of a string with only access to selected words}
code [string!] "REBOL code to execute"
words [block!] "Block of allowed words"
/local code-block context context-prototype
][
context-prototype: make block! []
foreach word words [
append context-prototype compose [(to-set-word :word) none]
]
context: make object! context-prototype
foreach word words [
set in context :word get :word
]
do bind/copy to-block code in context 'self
]
## test-code: "delete %important-file.r"
== "delete %important-file.r"
## sandbox test-code allowed-words
** Script Error: delete is not defined in this context.
** Where: delete %important-file.r
*-*- REBOL session end --
(Deliberatly kept as simple as possibly - could easily be extended to support code-blocks,
etc)
However, as long as i don't see this documentet as intended behaviour, which will not
change, I would not rely on this being secure!
What do you think?
Best regards
Thomas Jensen
[2/2] from: g::santilli::tiscalinet::it at: 31-Oct-2000 12:16
Thomas Jensen wrote:
[...]
> What do you think?
That's an interesting application! (I think TO-BLOCK was
implemented that way for speed, because you're likely to use it
for data only, and use LOAD for code...)
Regards,
Gabriele.
--
Gabriele Santilli <[giesse--writeme--com]> - Amigan - REBOL programmer
Amiga Group Italia sez. L'Aquila -- http://www.amyresource.it/AGI/