Asp Forum
Home
|
Login
|
Register
|
Search
Forums
>
comp.lang.ruby
Re: [ANN] sandbox 0.0.11 -- taking the i out of eval
Berger, Daniel
7/19/2006 4:36:00 PM
> -----Original Message-----
> From: why the lucky stiff [mailto:ruby-talk@whytheluckystiff.net]
> Sent: Wednesday, July 19, 2006 10:22 AM
> To: ruby-talk ML
> Subject: [ANN] sandbox 0.0.11 -- taking the i out of eval
<snip>
> This module swaps in a new symbol table, so you can basically
> manage multiple interpreters at once. There are so many
> possibilities for using this. For emulating selector
> namespaces, for jailing code.
>
> >> s = Sandbox.new
> >> s.eval("module Hidden; end")
> => nil
> >> Hidden
> NameError: uninitialized constant Hidden
Very cool. By any chance have you ever looked at Perl's Safe.pm? I'm
just curious if you have any comments as far as comparing and/or
contrasting it with your Sandbox code, or if there are any API features
from Safe.pm that you think would be worth borrowing.
http://search.cpan.org/~rgarcia/Safe-2....
Regards,
Dan
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
1 Answer
why the lucky stiff
7/19/2006 7:09:00 PM
0
On Thu, Jul 20, 2006 at 01:35:52AM +0900, Berger, Daniel wrote:
> Very cool. By any chance have you ever looked at Perl's Safe.pm? I'm
> just curious if you have any comments as far as comparing and/or
> contrasting it with your Sandbox code, or if there are any API features
> from Safe.pm that you think would be worth borrowing.
I'm not saavy enough with Perl's opcodes and its scope rules to say. It looks
like the Sandbox is addressable by the outside environment (as
*{$obj->root()."::$var"}) which isn't yet possible with my extension. Overall,
though, it's surprisingly similar. Also see IO's Core.Sandbox[1] and
TCL's interp[2] from which I took cues.
Thankyou for bringing this module up, though, I will definitely mine it for
ideas featurewise. Equivalents for `share` and `rdo` sub are definitely
planned.
Loading from a file `rdo` is a great example of how luscious this extension can be.
The master scope could load code from a Socket:
<
http://balloon.hobix.com/se...
but the Sandbox could have wrappers for
Sockets and Files which would prompt the user for permission.
_why
[1]
http://www.iolanguage.com/docs/reference/browser.cgi?path=Co...
[2]
http://www.astro.princeton.edu/~rhl/Tcl-Tk_docs/tcl/int...
Servizio di avviso nuovi messaggi
Ricevi direttamente nella tua mail i nuovi messaggi per
Re: [ANN] sandbox 0.0.11 -- taking the i out of eval
Inserendo la tua e-mail nella casella sotto, riceverai un avviso tramite posta elettronica ogni volta che il motore di ricerca troverà un nuovo messaggio per te
Il servizio è completamente GRATUITO!
x
Login to ForumsZone
Login with Google
Login with E-Mail & Password