Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Sandboxed scripting

I'm interested in how I could use a scripting language to execute simple blocks of code in a sandboxed manner. The host language/environment could be c#/ruby/python/java (anything but c). But the scripting language could equally be something obscure such as javascript/python/ruby/perl etc.

What I want is a way of executing script with traditional programming constructs i.e. conditionals/loops/date manipulation/arrays etc. But what I don't want is to expose things such as IO, connectivity to http streams, databases etc.

I'm currently looking at spidermonkey using the python adapter, but I wondered if there were other options that I should consider.

like image 255
Owen Avatar asked Feb 18 '10 22:02

Owen


2 Answers

Lua is very easy to sandbox code in. Here's a reference on the Lua wiki. It's a terrific minimalist scripting language, easy to embed in other (C or C++) code. So your host would be Lua embedded in some other code (or just the factory-installed Lua interpreter). Your scripting language would be Lua.

If you don't know it, though, I'm sure there are other good solutions that don't require you to learn a new language.

like image 78
dubiousjim Avatar answered Sep 25 '22 04:09

dubiousjim


You could do it with .NET (VB, C#, any language) via Code Access Security - set the policy on the machine to not allow access to any Framework classes you like.

See Setting Security Policy.

By default the policy allows code that originated on the local machine to do anything; you can set it so that by default, code cannot call into the I/O classes, cannot do HTTP connections, and so on.

like image 45
Cheeso Avatar answered Sep 23 '22 04:09

Cheeso