[Ironruby-core] Create pseudo sandbox for hosted IronRuby script

Aaron Clauson lists at ruby-forum.com
Mon Feb 8 03:41:01 EST 2010


Hi,

I have an multi-user VoIP application that allows users to execute
IronRuby scripts for their call dial plans. I'm looking to restrict what
the IronRuby scripts are allowed to do to protect the server in case a
nasty user should decide to try and cause some damage. I've restricted
the process executing the scripts as much as I can but would like to go
further. For example my users don't need to be able to access the file
system so I'd like to disable the File and Dir Ruby standard library
classes.

The approach I've looked into and that seems to work is to comment out
the modules I don't want in the IronRuby.Libraries assembly and the
BuiltinsLibraryInitializer.LoadModules class. Is that a reasonable
approach?

Thanks,

Aaron
-- 
Posted via http://www.ruby-forum.com/.


More information about the Ironruby-core mailing list