[ANN] sandbox 0.0.11 -- taking the i out of eval

From: why the lucky stiff [mailto:ruby-talk@whytheluckystiff.net]
Sent: Wednesday, July 19, 2006 10:22 AM
To: ruby-talk ML
Subject: [ANN] sandbox 0.0.11 -- taking the i out of eval

<snip>

This module swaps in a new symbol table, so you can basically
manage multiple interpreters at once. There are so many
possibilities for using this. For emulating selector
namespaces, for jailing code.

  >> s = Sandbox.new
  >> s.eval("module Hidden; end")
  => nil
  >> Hidden
  NameError: uninitialized constant Hidden

Very cool. By any chance have you ever looked at Perl's Safe.pm? I'm
just curious if you have any comments as far as comparing and/or
contrasting it with your Sandbox code, or if there are any API features
from Safe.pm that you think would be worth borrowing.

Regards,

Dan


···

-----Original Message-----

I'm not savvy enough with Perl's opcodes and its scope rules to say. It looks
like the Sandbox is addressable by the outside environment (as
*{$obj->root()."::$var"}) which isn't yet possible with my extension. Overall,
though, it's surprisingly similar. Also see IO's Core.Sandbox[1] and
TCL's interp[2] from which I took cues.

Thank you for bringing this module up, though, I will definitely mine it for
ideas featurewise. Equivalents for `share` and `rdo` sub are definitely
planned.

Loading from a file `rdo` is a great example of how luscious this extension can be.
The master scope could load code from a Socket:
<http://balloon.hobix.com/serve.rb> but the Sandbox could have wrappers for
Sockets and Files which would prompt the user for permission.

_why

[1] http://www.iolanguage.com/docs/reference/browser.cgi?path=Core+Sandbox
[2] Tcl - interp (n)
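
The idea in the message above, wrappers for Files that ask before acting, sketched as an added example; it is not code from the sandbox extension or from this thread. `GuardedFile`, its approver block and the directory layout are hypothetical, and the sketch assumes the jailed code can reach only this wrapper and not the real `File` constant.

```ruby
require "tmpdir"
# Hypothetical wrapper, not part of the sandbox extension. The approver block
# stands in for the interactive "prompt the user for permission" step.
class GuardedFile
  Denied = Class.new(StandardError)
  attr_reader :audit

  def initialize(root, &approver)
    @root = File.realpath(root)
    @approver = approver
    @audit = []                      # [operation, canonical path, decision]
  end

  def read(path)
    real = canonical(path)
    allowed = real.start_with?(@root + File::SEPARATOR) && !!@approver.call(:read, real)
    @audit << [:read, real, allowed ? :allow : :deny]
    raise Denied, "read refused: #{real}" unless allowed
    File.read(real)
  end

  private
  # Decide on the file that will really be opened: resolve "../" segments
  # and symlinks before the root check and before asking the approver.
  def canonical(path)
    File.realpath(File.expand_path(path, @root))
  rescue Errno::ENOENT
    File.expand_path(path, @root)
  end
end

# Constructed sample layout: two files inside the root, one outside it, and a
# symlink inside the root that points at the outside file.
def guarded_file_demo
  Dir.mktmpdir do |dir|
    root = File.join(dir, "jail")
    Dir.mkdir(root)
    File.write(File.join(root, "notes.txt"), "hello")
    File.write(File.join(root, "id.key"), "k")
    File.write(File.join(dir, "secret.txt"), "outside")
    File.symlink(File.join(dir, "secret.txt"), File.join(root, "link.txt"))
    guard = GuardedFile.new(root) { |_op, real| !real.end_with?(".key") }
    %w[notes.txt id.key ../secret.txt link.txt].map do |p|
      guard.read(p)
    rescue GuardedFile::Denied
      :denied
    end
  end
end
```

The root check and the approver both see the canonical path, so the `../` request and the symlink are refused without the user ever being asked about them.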

···

On Thu, Jul 20, 2006 at 01:35:52AM +0900, Berger, Daniel wrote:

Very cool. By any chance have you ever looked at Perl's Safe.pm? I'm
just curious if you have any comments as far as comparing and/or
contrasting it with your Sandbox code, or if there are any API features
from Safe.pm that you think would be worth borrowing.