[IronPython] Security of DLR host
pavel.savara at gmail.com
Sun Aug 3 11:32:04 PDT 2008
> Have you read the DLR hosting spec? (That old article of mine on the PAL
> will be updated soon (I thought it already was!) - there is no need to do
> any of that tinkering for what the article was trying to achieve.)
Yes. Now I can understand API, however not implementation.
Now I'm able to construct my own BrowserScriptHost and BrowserPAL.
But on the PAL is only LoadAssembly to override.
For Import("System.Windows.Application") it does nothing as the
assembly is already loaded.
So catching Import was not good idea. Also because we could navigate
there to Application.Current without import, right ?
I would rather like to ban namespaces now. For known (already loaded)
namespaces I could easily recognize them. All other namespaces are
allowed (defined by script or allowed by host).
I seen something simillar on SecurityManager.checkPackageAccess() in Java.
In hosting spec I seen something like Scope and seen some Globals.Dict
in debugger which contains them somehow. .... I'm lost in the
complexity of stuff inside, sorry for lameness.
I also thinking about dynamic code similar to
var current = typeof (System.Windows.Application).GetField("Current",
That should also invoke checkPackageAccess()
As was already pointed out there are probably several ways how to
compromise the scripting host by malicious code. I think that analysis
by someone more educated than me would be very useful.
Do you thing we still could find some way how to secure it ? Is my
security scenario serious enough to become requirement for DLR ?
Should I open issue on codeplex for it ?
>> Users mailing list
>> Users at lists.ironpython.com
> Users mailing list
> Users at lists.ironpython.com
More information about the Users