Create pseudo sandbox for hosted IronRuby script

Hi,

I have a multi-user VoIP application that allows users to execute
IronRuby scripts for their call dial plans. I’m looking to restrict what
the IronRuby scripts are allowed to do to protect the server in case a
nasty user should decide to try and cause some damage. I’ve restricted
the process executing the scripts as much as I can but would like to go
further. For example my users don’t need to be able to access the file
system so I’d like to disable the File and Dir Ruby standard library
classes.

The approach I’ve looked into and that seems to work is to comment out
the modules I don’t want in the IronRuby.Libraries assembly and the
BuiltinsLibraryInitializer.LoadModules class. Is that a reasonable
approach?

Thanks,

Aaron

I have a multi-user VoIP application that allows users to execute
IronRuby scripts for their call dial plans. I’m looking to restrict what
the IronRuby scripts are allowed to do to protect the server in case a
nasty user should decide to try and cause some damage.

This kind of “blank-slate” approach would be useful to me too.

Is that something that can be achieved using isolated scopes?

– Thibaut

You should start without IronRuby, and get a basic C# test dll sandboxed
first. One less variable to worry about. The links below have some
useful information.


From: [email protected]
[[email protected]] on behalf of Pascal Normandin
[[email protected]]
Sent: Monday, February 08, 2010 6:25 AM
To: [email protected]
Subject: Re: [Ironruby-core] Create pseudo sandbox for hosted IronRuby
script

Hello,

Here is what I’ve done to achieve this but I’d really like to know if
this is the right method. It gets really confusing when it comes to
TrustLevel and assembly permissions.

From my basic tests I was unable to access any resources from the computer not even the file system.

Pascal Normandin

    using System;
    using System.Security;
    using System.Security.Permissions;
    using IronRuby;
    using Microsoft.Scripting.Hosting;

    protected static ScriptRuntime CreateIronRubyRuntime(bool runInSandBox)
    {
        // Setup the ruby engine in a Sandbox
        var rubySetup = Ruby.CreateRubySetup();
        rubySetup.Options["InterpretedMode"] = true;

        var runtimeSetup = new ScriptRuntimeSetup();
        runtimeSetup.LanguageSetups.Add(rubySetup);
        runtimeSetup.DebugMode = false;

        ScriptRuntime runtime;
        if (runInSandBox)
        {
            // Create AppDomain Info
            AppDomainSetup info = new AppDomainSetup();
            // "\\bin": with a single backslash, "\b" is a backspace escape, not a path
            info.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory + "\\bin";
            info.ApplicationName = "IRPlugin";

            // Set permissions: start from an empty grant set and add only
            // the SecurityPermission flags below (no FileIOPermission at all)
            PermissionSet ps1 = new PermissionSet(PermissionState.None);
            SecurityPermissionFlag flag =
                SecurityPermissionFlag.SkipVerification |   // allows unverifiable IL to run
                SecurityPermissionFlag.Execution |          // needed to execute any code
                SecurityPermissionFlag.ControlAppDomain;    // allows creating/unloading AppDomains
            ps1.AddPermission(new SecurityPermission(flag));

            // Create the AppDomain with ps1 as its grant set
            AppDomain newDomain = AppDomain.CreateDomain("IRPluginDomain", null, info, ps1);

            // Host the DLR runtime inside the restricted domain
            runtime = ScriptRuntime.CreateRemote(newDomain, runtimeSetup);
        }
        else
        {
            runtime = Ruby.CreateRuntime(runtimeSetup);
        }

        return runtime;
    }
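A host-side check of the approach above, added here as an example and not code from the thread: it runs the same file-system probe through the sandboxed and the unsandboxed runtime and reports whether the restricted AppDomain refused the access. It assumes CreateIronRubyRuntime from the post is reachable as a static method on a hypothetical ScriptHost class, and that the failed permission demand surfaces as a SecurityException.

```csharp
using System;
using System.Security;
using IronRuby;
using Microsoft.Scripting.Hosting;

static class SandboxCheck
{
    // Constructed sample "dial plan" script: only probes the file system.
    const string Probe = "File.exist?('C:/Windows')";

    // Returns true when the runtime refused the file-system access.
    static bool FileAccessBlocked(ScriptRuntime runtime)
    {
        ScriptEngine engine = Ruby.GetEngine(runtime);
        try
        {
            engine.Execute(Probe);
            return false;                       // probe ran: no restriction in effect
        }
        catch (SecurityException)
        {
            // Assumption: the FileIOPermission demand fails inside the
            // restricted AppDomain and propagates out of Execute as-is.
            return true;
        }
    }

    static void Main()
    {
        // ScriptHost.CreateIronRubyRuntime is the method from the post (assumed accessible).
        bool sandboxed = FileAccessBlocked(ScriptHost.CreateIronRubyRuntime(true));
        bool unsandboxed = FileAccessBlocked(ScriptHost.CreateIronRubyRuntime(false));

        Console.WriteLine("sandboxed runtime blocked File access:   " + sandboxed);
        Console.WriteLine("unsandboxed runtime blocked File access: " + unsandboxed);
    }
}
```

Running both cases side by side makes it easy to tell a genuinely denied permission from a script that simply failed for another reason.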

From: [email protected]
[mailto:[email protected]] On Behalf Of Thibaut
Barrère
Sent: February-08-10 3:46 AM
To: [email protected]
Subject: Re: [Ironruby-core] Create pseudo sandbox for hosted IronRuby
script
