Derick Eddington
Hi, this is my first post here. I've just started learning about Ruby (a few
days ago so forgive my ignorance) motivated by a desire to learn if it can be a
capability-secure language.
What control is possible over the namespace Ruby code executes in? Can the
ambient/default authority available to code be restricted? I want to be able
to make my own namespace for untrusted code to execute in where all default
objects (especially ones like ObjectSpace) can be selectively removed and my
own can be put in. I'm aware of eval(codestr, binding). Can I construct a
Binding object from scratch with just what I want in it? Can I permanently
delete unwanted objects from the base namespace? Very important is the ability
to prevent module importing. Can this be done? Another potential ambient
authority problem is built-in/language-syntax abilities like "" creates a new
String. Can I do things like change String class and then "" will use the new
modified class?
Just how opaque can Ruby objects be made to be? I'm aware of making private
methods and that variables require accessor methods but I've seen the name and
value of instance variables printed in objects' string representations. Can
the internals of Ruby objects be made completely invisible? Can I make an
object where having a reference to the object gives you ONLY the ability to
call its desired-to-be-exposed methods and transfer the reference, and
absolutely nothing else? Meaning tricky things like: evil = a.class.new() or
evil = a._internal_[1].namespace["secret"] can be made impossible? Can I
make a class that nullifies all public methods from base class Object? Would
this make it provably impossible to do anything other than call the public
methods I make?
I hope you get my drift. The basic principle of capability-security is
"authority with designation". How much can I restrict what is designatable to
Ruby code?
--Derick
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
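The following is an added example, not part of the original post or any reply to it. It shows, on a current Ruby (1.9 or later, where BasicObject exists), how far the "authority with designation" idea in the post can be taken for a single object, and where it stops. Vault, Facet, probe, demo and the "launch codes" secret are constructed names for this illustration; the facet forwards only the methods listed at construction and, being a BasicObject, has none of Object's introspection methods (class, instance_variable_get, inspect, ...). The last function assumes MRI, where ObjectSpace is on by default, and demonstrates that ObjectSpace is exactly the ambient authority the post worries about: it reaches the hidden target with no reference to it at all.

```ruby
# Added example (not from the original post). Ruby >= 1.9, MRI for ObjectSpace.

class Vault
  attr_reader :balance           # the one method we intend to expose

  def initialize(secret, balance)
    @secret = secret             # must not be reachable through the facet
    @balance = balance
  end

  def reveal                     # a method we intend NOT to expose
    @secret
  end
end

# A capability-style facet: holding a reference grants only the listed methods.
class Facet < BasicObject
  # instance_eval/instance_exec would let a caller read @target directly.
  undef_method :instance_eval, :instance_exec

  def initialize(target, *allowed)
    # BasicObject keeps __send__, which can call private methods; without this
    # guard facet.__send__(:initialize, other, :reveal) would re-target it.
    ::Kernel.raise ::RuntimeError, "already initialized" if defined?(@target)
    @target = target
    @allowed = allowed.map(&:to_sym).freeze
  end

  # Every call not in the allow list, including Object's introspection
  # methods (which BasicObject never had), ends up here and is refused.
  def method_missing(name, *args, &blk)
    unless @allowed.include?(name)
      ::Kernel.raise ::NoMethodError, "#{name} is not exposed by this facet"
    end
    @target.public_send(name, *args, &blk)
  end
end

# Constructed attacks of the kind the post lists; each is :blocked or :leaked.
def probe(facet)
  attempts = {
    reveal:        -> { facet.reveal },
    class_new:     -> { facet.class.new },
    ivar_get:      -> { facet.instance_variable_get(:@target) },
    send_private:  -> { facet.__send__(:instance_variable_get, :@target) },
    instance_eval: -> { facet.instance_eval { @target } },
    retarget:      -> { facet.__send__(:initialize, Vault.new("x", 0), :reveal) },
    inspect:       -> { facet.inspect },       # would print ivars on a plain Object
  }
  attempts.transform_values do |attack|
    begin
      attack.call
      :leaked
    rescue ::NoMethodError, ::RuntimeError
      :blocked
    end
  end
end

def demo
  vault = Vault.new("launch codes", 42)
  facet = Facet.new(vault, :balance)
  { balance: facet.balance, probes: probe(facet) }
end

# The facet governs designation only. Code that receives nothing but the facet
# can still reach the Vault through ObjectSpace, an ambient authority that has
# to be removed from the untrusted namespace separately.
def ambient_leak?
  vault = Vault.new("launch codes", 42)
  untrusted = lambda do |_facet|
    ObjectSpace.each_object(Vault).any? { |v| v.reveal == "launch codes" }
  end
  untrusted.call(Facet.new(vault, :balance))
end

if __FILE__ == $0
  r = demo
  puts "balance via facet: #{r[:balance]}"
  r[:probes].each { |attack, outcome| puts "#{attack}: #{outcome}" }
  puts "reachable through ObjectSpace: #{ambient_leak?}"
end
```

The facet keeps BasicObject's `__send__`, `__id__`, `==`, `!=`, `equal?` and `!`; none of those confer authority beyond the reference itself once re-initialisation is refused. What the facet cannot do is take ObjectSpace, `Kernel`, constant lookup or `require` away from the caller, which is why the namespace questions in the post are the harder half of the problem.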