Feature Request: Implement a restricted mode
I'm interested in using IronPython as a scripting language for my app, as I've done benchmarks on many popular .NET scripting solutions and IronPython comes out on top - and speed is important for this app. However, security is also important. I would like to create a platform where users can share their scripts, but not if I cannot lock down the scripts from being able to make any system changes.
The biggest hurdle I'm up against is that IronPython is completely unrestricted. I have resorted to doing the following to sandbox the app, without forking this code base.
- Modified the sys module to provide only a handful of its members
- Created a string list of built-in modules to be restricted, based off what I found in IronPython.Modules. Modules like winreg and _thread I have restricted, whereas modules like time I've kept.
- Created my own import function, which is a copy-paste from the source code with modifications to enforce the restricted modules.
- Removed some built-in methods, such as open.
I'm hoping this is enough, but I can't be sure. I'm also hoping that by restricting the builtins, I can use the standard library, and modules from the standard library that use the restricted functionality will just not work.
This issue is a request to implement such a mode in this project.
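The sandbox steps the post lists (a module list enforced by a replacement import function, plus removal of builtins such as `open`), as an added example that is not code from the issue or from IronPython. It inverts the post's restricted-module list into an allowlist, the module names and the `__sandbox__` name are constructed, and it assumes the host honours a replaced `__import__` in the script's builtins, as CPython does.

```python
import builtins

# Constructed allowlist: the issue keeps time and blocks winreg and _thread;
# anything not listed here is refused, so winreg and _thread stay unreachable.
ALLOWED_MODULES = frozenset({"time", "math", "json", "re"})

# Builtins dropped from the script's namespace before it runs (the issue drops open).
REMOVED_BUILTINS = ("open", "exec", "eval", "compile")

_real_import = builtins.__import__


def restricted_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Replacement for builtins.__import__ that honours only the allowlist.

    The top-level package name decides, so "json.decoder" is judged by "json".
    Relative imports (level > 0) are refused: sandboxed scripts have no package.
    """
    if level != 0:
        raise ImportError("relative imports are not permitted in the sandbox")
    top = name.partition(".")[0]
    if top not in ALLOWED_MODULES:
        raise ImportError(f"module {name!r} is not available in the sandbox")
    return _real_import(name, globals, locals, fromlist, level)


def make_sandbox_globals():
    """Build the globals a user script runs with.

    The host's builtins are copied so they stay intact; the copy has the
    removed names dropped and __import__ swapped for the allowlisting hook.
    """
    safe_builtins = dict(vars(builtins))
    for name in REMOVED_BUILTINS:
        safe_builtins.pop(name, None)
    safe_builtins["__import__"] = restricted_import
    return {"__builtins__": safe_builtins, "__name__": "__sandbox__"}


def run_user_script(source):
    """Run source in the sandbox; returns ("ok", globals) or ("error", message)."""
    env = make_sandbox_globals()
    try:
        exec(compile(source, "<user-script>", "exec"), env)
    except (ImportError, NameError) as exc:
        return "error", str(exc)
    return "ok", env
```

Because the hook judges the top-level package, a standard-library module that is allowed but internally imports a refused one fails at that inner import, which is the behaviour the post hopes for.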
You could always try using the Windows AppContainer, though I'm unsure whether IronPython might just go directly past that. Does CPython also have a restricted mode...?
@Lamparter
CPython did have a restricted mode that I think is now obsolete. AppContainer is a no because this is a desktop app, not a backend. AppDomain isolation is a no because of performance.
You might look at PowerShell's No Language, Restricted Language, and Constrained Language Modes for ideas too as to how to lock down IronPython using pre-existing C# implementations.
No idea where the NLM/RLM/CLM code lives in the PowerShell codebase though