[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Re: [ANN] sandbox 0.0.11 -- taking the i out of eval

Berger, Daniel

7/19/2006 4:36:00 PM

> -----Original Message-----
> From: why the lucky stiff [mailto:ruby-talk@whytheluckystiff.net]
> Sent: Wednesday, July 19, 2006 10:22 AM
> To: ruby-talk ML
> Subject: [ANN] sandbox 0.0.11 -- taking the i out of eval

<snip>

> This module swaps in a new symbol table, so you can basically
> manage multiple interpreters at once. There are so many
> possibilities for using this. For emulating selector
> namespaces, for jailing code.
>
> >> s = Sandbox.new
> >> s.eval("module Hidden; end")
> => nil
> >> Hidden
> NameError: uninitialized constant Hidden

Very cool. By any chance have you ever looked at Perl's Safe.pm? I'm
just curious if you have any comments as far as comparing and/or
contrasting it with your Sandbox code, or if there are any API features
from Safe.pm that you think would be worth borrowing.

http://search.cpan.org/~rgarcia/Safe-2....

Regards,

Dan


This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
1 Answer

why the lucky stiff

7/19/2006 7:09:00 PM

0

On Thu, Jul 20, 2006 at 01:35:52AM +0900, Berger, Daniel wrote:
> Very cool. By any chance have you ever looked at Perl's Safe.pm? I'm
> just curious if you have any comments as far as comparing and/or
> contrasting it with your Sandbox code, or if there are any API features
> from Safe.pm that you think would be worth borrowing.

I'm not saavy enough with Perl's opcodes and its scope rules to say. It looks
like the Sandbox is addressable by the outside environment (as
*{$obj->root()."::$var"}) which isn't yet possible with my extension. Overall,
though, it's surprisingly similar. Also see IO's Core.Sandbox[1] and
TCL's interp[2] from which I took cues.

Thankyou for bringing this module up, though, I will definitely mine it for
ideas featurewise. Equivalents for `share` and `rdo` sub are definitely
planned.

Loading from a file `rdo` is a great example of how luscious this extension can be.
The master scope could load code from a Socket:
<http://balloon.hobix.com/se... but the Sandbox could have wrappers for
Sockets and Files which would prompt the user for permission.

_why

[1] http://www.iolanguage.com/docs/reference/browser.cgi?path=Co...
[2] http://www.astro.princeton.edu/~rhl/Tcl-Tk_docs/tcl/int...