[IronPython] Re strict imports
hellosticky
hellosticky at gmail.com
Sat Aug 23 21:38:47 CEST 2008
For the second discussion (004740.html), it wasn't discussed, but the user could have followed the Second Life approach to gauging/pausing/resuming execution [1]. From the Second Life blog [2]:
"The other difficulty with Second Life scripts is that they can migrate between simulators while they are running. You are perfectly entitled to write a script which never stops running and then to tie it to a rocket that you fire in to another region. This is relatively easy to do when all of your script state is in a single 16K block, but much harder when your script has been Just In Time compiled to machine code and its state is scattered throughout memory, registers and an operating system thread.
The solution we implemented for Second Life was to use RAIL on top of .NETs Reflection and Reflection.Emit facilities to inject microthreading in to the script assemblies, an approach used by the JavaGoX and Brakes projects to implement mobile agents in Java. Our microthread injector searches through the script assembly finding points where the script should yield and inducing the types on the stack at those points. It can then inject extra opcodes in to the assembly which copy the stack in to a heap object and cause the script to yield. Whenever a script yields we can restore another script from its previously saved heap object and start it running again, allowing us to schedule many microthreaded scripts on a single operating system thread. By marking the heap objects as serializable we can then just use the standard .NET communication facilities to migrate scripts to remote simulators where they can continue running."
[1] http://download.microsoft.com/download/9/4/1/94138e2a-d9dc-435a-9240-bcd985bf5bd7/Jim-Cory-SecondLife.wmv
[2] http://blog.secondlife.com/2006/05/05/microthreading-mono/
_____
From: users-bounces at lists.ironpython.com [mailto:users-bounces at lists.ironpython.com] On Behalf Of Michael Foord
Sent: Saturday, August 23, 2008 2:45 PM
To: Discussion of IronPython
Subject: Re: [IronPython] Re strict imports
2008/8/23 Dody Gunawinata <empirebuilder at gmail.com>
http://lists.ironpython.com/htdig.cgi/users-ironpython.com/2008-April/006765.html
Points to a bug in IronPython that is now fixed:
http://www.codeplex.com/IronPython/WorkItem/View.aspx?WorkItemId=15928
<http://lists.ironpython.com/htdig.cgi/users-ironpython.com/2008-April/006765.html>
http://lists.ironpython.com/htdig.cgi/users-ironpython.com/2007-April/004740.html
A discussion by someone who wants to do a lot more than just restrict imports and file access.
Michael
On Sat, Aug 23, 2008 at 3:32 PM, Michael Foord <fuzzyman at voidspace.org.uk> wrote:
> Search the mailing list archive on this issue. The bottom line is, you
> can't
> - but there are tricks to make it more difficult.
>
Is that true? You can create an IronPython Engine in an AppDomain
(IronPython 2 has lots of explicit support for this) and restrict the
privileges of the AppDomain. Why would that not work?
Michael
> Dody G.
>
> On Fri, Aug 22, 2008 at 10:03 PM, Huzaifa <huzi_1982 at hotmail.com> wrote:
>
>>
>> how can i restrict my user that he can not perform any imports or I/O
>> operations in the script.
>> --
>> View this message in context:
>> http://www.nabble.com/Restrict-imports-tp19113682p19113682.html
>> Sent from the IronPython mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.ironpython.com
>> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>>
>
>
>
> --
> nomadlife.org
> _______________________________________________
> Users mailing list
> Users at lists.ironpython.com
> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>
--
http://www.ironpythoninaction.com
_______________________________________________
Users mailing list
Users at lists.ironpython.com
http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
--
nomadlife.org
_______________________________________________
Users mailing list
Users at lists.ironpython.com
http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
--
http://www.ironpythoninaction.com/
http://www.voidspace.org.uk/
http://www.ironpython.info/
http://www.resolverhacks.net/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20080823/5e141435/attachment.html>
More information about the Ironpython-users
mailing list