
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">


<head>

<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">

<meta name=Generator content="Microsoft Word 12 (filtered medium)">

<style>

<!--

 /* Font Definitions */

 @font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

 /* Style Definitions */

 p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman","serif";}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

span.EmailStyle17

        {mso-style-type:personal-reply;

        font-family:"Calibri","sans-serif";

        color:#1F497D;}

.MsoChpDefault

        {mso-style-type:export-only;}

@page Section1

        {size:612.0pt 792.0pt;

        margin:72.0pt 72.0pt 72.0pt 72.0pt;}

div.Section1

        {page:Section1;}

-->

</style>

<!--[if gte mso 9]><xml>

 <o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

 <o:shapelayout v:ext="edit">

  <o:idmap v:ext="edit" data="1" />

 </o:shapelayout></xml><![endif]-->

</head>


<body lang=EN-CA link=blue vlink=purple>


<div class=Section1>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>Hello,<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>Here is what I've done to achieve this but I'd really like to

know if this is the right method.  It gets really confusing when it comes to TrustLevel

and assembly permissions.<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>From my basic tests I was unable to access any resources from

the computer not even the file system.<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>Pascal Normandin<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>        <span style='color:blue'>protected</span> <span

style='color:blue'>static</span> <span style='color:#2B91AF'>ScriptRuntime</span>

CreateIronRubyRuntime(<span style='color:blue'>bool</span> runInSandBox)<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>        {<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            <span style='color:green'>// Setup the

ruby engine in a Sandbox<o:p></o:p></span></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            <span style='color:blue'>var</span>

rubySetup = <span style='color:#2B91AF'>Ruby</span>.CreateRubySetup();<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            rubySetup.Options[<span

style='color:#A31515'>&quot;InterpretedMode&quot;</span>] = <span

style='color:blue'>true</span>;<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            <span style='color:blue'>var</span>

runtimeSetup = <span style='color:blue'>new</span> <span style='color:#2B91AF'>ScriptRuntimeSetup</span>();<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>           

runtimeSetup.LanguageSetups.Add(rubySetup);<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            runtimeSetup.DebugMode = <span

style='color:blue'>false</span>;<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            <span style='color:#2B91AF'>ScriptRuntime</span>

runtime;<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            <span style='color:blue'>if</span>

(runInSandBox)<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            {<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                <span style='color:green'>// Create

AppDomain Info<o:p></o:p></span></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                <span style='color:#2B91AF'>AppDomainSetup</span>

info = <span style='color:blue'>new</span> <span style='color:#2B91AF'>AppDomainSetup</span>();<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                info.ApplicationBase = <span

style='color:#2B91AF'>AppDomain</span>.CurrentDomain.BaseDirectory + <span

style='color:#A31515'>&quot;\\bin&quot;</span>;<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                info.ApplicationName = <span

style='color:#A31515'>&quot;IRPlugin&quot;</span>;<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                <span style='color:green'>// Set

permissions<o:p></o:p></span></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                <span style='color:#2B91AF'>PermissionSet</span>

ps1 = <span style='color:blue'>new</span> <span style='color:#2B91AF'>PermissionSet</span>(<span

style='color:#2B91AF'>PermissionState</span>.None);<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                <span style='color:#2B91AF'>SecurityPermissionFlag</span>

flag = <span style='color:#2B91AF'>SecurityPermissionFlag</span>.SkipVerification

| <span style='color:#2B91AF'>SecurityPermissionFlag</span>.Execution | <span

style='color:#2B91AF'>SecurityPermissionFlag</span>.ControlAppDomain;<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                ps1.AddPermission(<span

style='color:blue'>new</span> <span style='color:#2B91AF'>SecurityPermission</span>(flag));<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                <span style='color:green'>// Create

the AppDomain<o:p></o:p></span></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                <span style='color:#2B91AF'>AppDomain</span>

newDomain = <span style='color:#2B91AF'>AppDomain</span>.CreateDomain(<span

style='color:#A31515'>&quot;IRPluginDomain&quot;</span>, <span

style='color:blue'>null</span>, info, ps1);<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                runtime = <span style='color:#2B91AF'>ScriptRuntime</span>.CreateRemote(newDomain,

runtimeSetup);<span style='color:green'><o:p></o:p></span></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            }<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            <span style='color:blue'>else<o:p></o:p></span></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            {<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>                runtime = <span style='color:#2B91AF'>Ruby</span>.CreateRuntime(runtimeSetup);<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            }<o:p></o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;

font-family:"Courier New"'>            <span style='color:blue'>return</span>

runtime;<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>       

}</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>


<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:

"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;

font-family:"Tahoma","sans-serif"'> ironruby-core-bounces@rubyforge.org

[mailto:ironruby-core-bounces@rubyforge.org] <b>On Behalf Of </b>Thibaut

Barrère<br>

<b>Sent:</b> February-08-10 3:46 AM<br>

<b>To:</b> ironruby-core@rubyforge.org<br>

<b>Subject:</b> Re: [Ironruby-core] Create pseudo sandbox for hosted IronRuby

script<o:p></o:p></span></p>


</div>


<p class=MsoNormal><o:p>&nbsp;</o:p></p>


<p class=MsoNormal>&gt; I have an multi-user VoIP application that allows users

to execute<br>

&gt; IronRuby scripts for their call dial plans. I'm looking to restrict what<br>

&gt; the IronRuby scripts are allowed to do to protect the server in case a<br>

&gt; nasty user should decide to try and cause some damage. <br>

<br>

This kind of &quot;blank-slate&quot; approach would be useful to me too.<br>

<br>

Is that something that can be achieved using isolated scopes ?<br>

<br>

-- Thibaut<br clear=all>

<o:p></o:p></p>


</div>


</body>


</html>