Safe mode: Difference between revisions
Content added Content deleted
Puppydrum64 (talk | contribs) mNo edit summary |
Thundergnat (talk | contribs) m (syntax highlighting fixup automation) |
||
| Line 18: | Line 18: | ||
=={{header|AWK}}== |
=={{header|AWK}}== |
||
<syntaxhighlight lang="awk"> |
|||
<lang AWK> |
|||
# syntax: GAWK --sandbox -f SAFE_MODE.AWK |
# syntax: GAWK --sandbox -f SAFE_MODE.AWK |
||
# |
# |
||
| Line 37: | Line 37: | ||
exit(0) |
exit(0) |
||
} |
} |
||
</syntaxhighlight> |
|||
</lang> |
|||
<!-- == Free Pascal == --> |
<!-- == Free Pascal == --> |
||
| Line 47: | Line 47: | ||
The easiest way to test this is to add the <CODE>--sandbox</CODE> option when starting Frink. This enforces the strictest sandboxing mode. Similarly, when creating a Frink interpreter from Java code, the most restrictive security can be enabled by calling its <CODE><I>Frink</I>.setRestrictiveSecurity(true)</CODE> method. |
The easiest way to test this is to add the <CODE>--sandbox</CODE> option when starting Frink. This enforces the strictest sandboxing mode. Similarly, when creating a Frink interpreter from Java code, the most restrictive security can be enabled by calling its <CODE><I>Frink</I>.setRestrictiveSecurity(true)</CODE> method. |
||
< |
<syntaxhighlight lang="java"> |
||
frink.parser.Frink interp = new frink.parser.Frink(); |
frink.parser.Frink interp = new frink.parser.Frink(); |
||
interp.setRestrictiveSecurity(true); |
interp.setRestrictiveSecurity(true); |
||
</syntaxhighlight> |
|||
</lang> |
|||
Below are some operations that can be allowed/disallowed from a custom security manager. For most of these, the permission can be restricted to allow/disallow a ''particular'' file, URL, or class, or method: |
Below are some operations that can be allowed/disallowed from a custom security manager. For most of these, the permission can be restricted to allow/disallow a ''particular'' file, URL, or class, or method: |
||
| Line 95: | Line 95: | ||
For example, given '''safer.jsi''': |
For example, given '''safer.jsi''': |
||
< |
<syntaxhighlight lang="javascript">File.write('/tmp/safer-mode.txt', 'data line');</syntaxhighlight> |
||
{{out}} |
{{out}} |
||
| Line 115: | Line 115: | ||
Some control is allowed over the restrictions provided by safer mode. |
Some control is allowed over the restrictions provided by safer mode. |
||
< |
<syntaxhighlight lang="javascript">var interp1 = new Interp({isSafe:true, safeWriteDirs:['/tmp'], , safeReadDirs:['/tmp']});</syntaxhighlight> |
||
=={{header|Perl}}== |
=={{header|Perl}}== |
||
| Line 197: | Line 197: | ||
Regina REXX supports a '''--restricted''' command-line option, and embedded interpreters can also be set to run restricted. Many commands are disabled in this mode, including most access to hosted services. The intrinsic '''FUNCTION REXX()''' extension in GnuCOBOL defaults to restricted mode, and programmers must explicitly use '''FUNCTION REXX-UNRESTRICTED(script, args...)''' for access to the full REXX programming environment from that [[COBOL]] implementation. |
Regina REXX supports a '''--restricted''' command-line option, and embedded interpreters can also be set to run restricted. Many commands are disabled in this mode, including most access to hosted services. The intrinsic '''FUNCTION REXX()''' extension in GnuCOBOL defaults to restricted mode, and programmers must explicitly use '''FUNCTION REXX-UNRESTRICTED(script, args...)''' for access to the full REXX programming environment from that [[COBOL]] implementation. |
||
< |
<syntaxhighlight lang="cobol"> identification division. |
||
program-id. rexxtrial. |
program-id. rexxtrial. |
||
| Line 219: | Line 219: | ||
display "No exception raised: " exception-status |
display "No exception raised: " exception-status |
||
goback. |
goback. |
||
end program rexxtrial.</ |
end program rexxtrial.</syntaxhighlight> |
||
{{out}} |
{{out}} |
||