Re: Safe Level checking

We need to respect tainting because tons of specs test for correct
behavior.

  • John
    Sent from my phone

From: Peter Bacon D. [email protected]
Sent: Sunday, April 06, 2008 11:13 AM
To: [email protected] [email protected]
Subject: Re: [Ironruby-core] Safe Level checking

OK that makes sense. Does it apply to tainting objects too?
Pete

From: [email protected]
[mailto:[email protected]] On Behalf Of Tomas M.
Sent: Sunday,06 April 06, 2008 17:25
To: [email protected]
Subject: Re: [Ironruby-core] Safe Level checking

We don’t care about safe level now, so you can just ignore it. I doubt
it is necessary to implement this feature at all. IronRuby doesn’t
contain any unsafe code. Hence CLR checks are always present regardless
of what we check, so your code cannot do anything that is disallowed by
CLR security system. We can only disable Ruby calls to some methods.
And that would be a real security restriction only in a mode that would
disable all .NET calls, because otherwise you could always call your C#
code that performs the call.

Tomas

From: [email protected]
[mailto:[email protected]] On Behalf Of Peter Bacon
Darwin
Sent: Sunday, April 06, 2008 6:47 AM
To: [email protected]
Subject: [Ironruby-core] Safe Level checking

The Sockets library does a lot of Security checking, i.e. Is the
SafeLevel too high for this action. It may be helpful to be able to
specify this kind of thing as an attribute on the method.
Something like:

    [RubyMethod("getsockopt")]
    [RubySafeLevel(2)]
    public static MutableString GetSocketOption(CodeContext/*!*/ 

context, RubyBasicSocket/!/ self, object/Numeric/ level,
object/Numeric/ optname) {

Rather than:

    [RubyMethod("getsockopt")]
    public static MutableString GetSocketOption(CodeContext/*!*/ 

context, RubyBasicSocket/!/ self, object/Numeric/ level,
object/Numeric/ optname) {
Protocols.CheckSafeLevel(context, 2, “getsockopt”);

}

Or maybe even more cleverly integrate it into the .NET security
permissions attributes.
What do you think?
Pete

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs