Safe mode: Difference between revisions
Created page with "{{draft task}} Does the language implementation allow for a "safer mode" of execution? Usually termed '''Safe mode''', a more realistic view is probably '''Safer mode''' or..." |
mNo edit summary |
||
Line 9:
The '''jsish''' interpreter allows a '''-s''', '''--safe''' command line switch to restrict access to the file system.
For example, given
<lang javascript>File.write('/tmp/safer-mode.txt', 'data line');</lang>
|
Revision as of 17:15, 18 February 2019
Does the language implementation allow for a "safer mode" of execution? Usually termed Safe mode, a more realistic view is probably Safer mode or restricted mode. It is one thing to place restrictions on execution, and another thing entirely to allow execution of scripts from untrusted sources and assume nothing untoward will happen.
Along with a simple yes/no answer, describe what features are restricted when running in safe mode.
Jsish
The jsish interpreter allows a -s, --safe command line switch to restrict access to the file system.
For example, given safer.jsi:
<lang javascript>File.write('/tmp/safer-mode.txt', 'data line');</lang>
- Output:
prompt$ jsish safer.jsi prompt$ jsish -s safer.jsi /home/btiffin/lang/jsish/safer.jsi:2: error: write access denied by safe interp: /tmp/safer-mode.txt (at or near "data line") ERROR
The Jsish implementation borrows many ideas from , and also includes an Interp module. These sub interpreters can also be set to run in a safer mode.
prompt$ jsish # var si = new Interp({isSafe:true}); variable # si.source('safer.jsi'); error: read access denied: ./safer.jsi ERROR
Some control is allowed over the restrictions provided by safer mode.
<lang javascript>var interp1 = new Interp({isSafe:true, safeWriteDirs:['/tmp'], , safeReadDirs:['/tmp']});</lang>