Untrusted environment: Difference between revisions
→{{header|Phix}}: removed incomplete tag, and documented the new safe_mode handling.
Puppydrum64 (talk | contribs)
Line 164:
=={{header|Phix}}==
'''with safe_mode''' disables most potentially dangerous features such as file i/o, and invoking c_func/proc() or using inline assembly outside of Phix\builtins\, which should make it safer to try out code from an untrusted source. It behaves identically to a -safe command line option, however relying on the latter risks leaving a dangerous file lying around that might accidentally be run without the proper command line flag in some idle moment much later, whereas of course if you put it in the source, that's not such an issue.
See demo\rosetta\safe_mode.exw for the remnants of a development testbed for this feature. Note that builtins\VM\pDiagN.e has to switch it off (eg to write an ex.err file when the program crashes), which is trivial to do but only via #ilASM{}, so a malicious programmer simply cannot, that is, as long as you actually use safe_mode, and don't ever put untrusted code into the builtins\ directory. Special allowances are made for mpfr.e (aka gmp) and pGUI.e (aka IUP), since they're not inherently dangerous; there might be some other libraries that deserve similar treatment.
Standard disclaimer applies:<br>
Everything this relies on was added for this task in less than 24 hours.<br>
In no way do I even begin to think this is secure or complete, but just
yesterday (at the time of writing) it was 100% totally insecure: there
was no "with safe_mode" option, no -safe command line option, nothing
at all to check or even store that option in the compiler, or runtime.
Should you want this to be improved, simply add more tests to demo\rosetta\safe_mode.exw, and
obviously complain if/should they not entirely meet your expectations.
=={{header|Racket}}==
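Review bot: The first Phix paragraph says safe_mode disables "most potentially dangerous features such as file i/o, and invoking c_func/proc() or using inline assembly outside of Phix\builtins\", but it never gives the full set, so a reader cannot tell what is still permitted when running untrusted code; either list the blocked operations or name demo\rosetta\safe_mode.exw as the authoritative list of what is tested. In the second paragraph, the sentence "so a malicious programmer simply cannot, that is, as long as you actually use safe_mode, and don't ever put untrusted code into the builtins\ directory" carries the whole trust assumption in a trailing clause; split it out as an explicit precondition, since pDiagN.e switching safe_mode off via #ilASM{} is only safe under that condition. The disclaimer's "just yesterday (at the time of writing)" will go stale, so a date or Phix version would serve better, and its hard-wrapped lines with <br> could be a single paragraph. The section also has no short program showing "with safe_mode" in use, which the other entries for this task would normally carry.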