You should start without IronRuby, and get a basic C# test dll sandboxed
first. One less variable to worry about. The links below have some
useful information.
From: [email protected]
[[email protected]] on behalf of Pascal Normandin
[[email protected]]
Sent: Monday, February 08, 2010 6:25 AM
To: [email protected]
Subject: Re: [Ironruby-core] Create pseudo sandbox for hosted IronRuby
script
Hello,
Here is what I’ve done to achieve this but I’d really like to know if
this is the right method. It gets really confusing when it comes to
TrustLevel and assembly permissions.
From my basic tests I was unable to access any resources from the computer not even the file system.
Pascal Normandin
protected static ScriptRuntime CreateIronRubyRuntime(bool
runInSandBox)
{
// Setup the ruby engine in a Sandbox
var rubySetup = Ruby.CreateRubySetup();
rubySetup.Options["InterpretedMode"] = true;
var runtimeSetup = new ScriptRuntimeSetup();
runtimeSetup.LanguageSetups.Add(rubySetup);
runtimeSetup.DebugMode = false;
ScriptRuntime runtime;
if (runInSandBox)
{
// Create AppDomain Info
AppDomainSetup info = new AppDomainSetup();
info.ApplicationBase =
AppDomain.CurrentDomain.BaseDirectory + “\bin”;
info.ApplicationName = “IRPlugin”;
// Set permissions
PermissionSet ps1 = new
PermissionSet(PermissionState.None);
SecurityPermissionFlag flag =
SecurityPermissionFlag.SkipVerification |
SecurityPermissionFlag.Execution |
SecurityPermissionFlag.ControlAppDomain;
ps1.AddPermission(new SecurityPermission(flag));
// Create the AppDomain
AppDomain newDomain =
AppDomain.CreateDomain(“IRPluginDomain”, null, info, ps1);
runtime = ScriptRuntime.CreateRemote(newDomain,
runtimeSetup);
}
else
{
runtime = Ruby.CreateRuntime(runtimeSetup);
}
return runtime;
}
From: [email protected]
[mailto:[email protected]] On Behalf Of Thibaut
Barrère
Sent: February-08-10 3:46 AM
To: [email protected]
Subject: Re: [Ironruby-core] Create pseudo sandbox for hosted IronRuby
script
I have an multi-user VoIP application that allows users to execute
IronRuby scripts for their call dial plans. I’m looking to restrict what
the IronRuby scripts are allowed to do to protect the server in case a
nasty user should decide to try and cause some damage.
This kind of “blank-slate” approach would be useful to me too.
Is that something that can be achieved using isolated scopes ?
– Thibaut