We need to respect tainting because tons of specs test for correct
behavior.
- John
Sent from my phone
From: Peter Bacon D. [email protected]
Sent: Sunday, April 06, 2008 11:13 AM
To: [email protected] [email protected]
Subject: Re: [Ironruby-core] Safe Level checking
OK that makes sense. Does it apply to tainting objects too?
Pete
From: [email protected]
[mailto:[email protected]] On Behalf Of Tomas M.
Sent: Sunday,06 April 06, 2008 17:25
To: [email protected]
Subject: Re: [Ironruby-core] Safe Level checking
We don’t care about safe level now, so you can just ignore it. I doubt
it is necessary to implement this feature at all. IronRuby doesn’t
contain any unsafe code. Hence CLR checks are always present regardless
of what we check, so your code cannot do anything that is disallowed by
CLR security system. We can only disable Ruby calls to some methods.
And that would be a real security restriction only in a mode that would
disable all .NET calls, because otherwise you could always call your C#
code that performs the call.
Tomas
From: [email protected]
[mailto:[email protected]] On Behalf Of Peter Bacon
Darwin
Sent: Sunday, April 06, 2008 6:47 AM
To: [email protected]
Subject: [Ironruby-core] Safe Level checking
The Sockets library does a lot of Security checking, i.e. Is the
SafeLevel too high for this action. It may be helpful to be able to
specify this kind of thing as an attribute on the method.
Something like:
[RubyMethod("getsockopt")]
[RubySafeLevel(2)]
public static MutableString GetSocketOption(CodeContext/*!*/
context, RubyBasicSocket/!/ self, object/Numeric/ level,
object/Numeric/ optname) {
Rather than:
[RubyMethod("getsockopt")]
public static MutableString GetSocketOption(CodeContext/*!*/
context, RubyBasicSocket/!/ self, object/Numeric/ level,
object/Numeric/ optname) {
Protocols.CheckSafeLevel(context, 2, “getsockopt”);
…
}
Or maybe even more cleverly integrate it into the .NET security
permissions attributes.
What do you think?
Pete