Hi Rebols,
as I understand it, the main point of Secure is its ability to
restrict the rights of an untrusted script (e.g. %untrusted.r)
when the user is not sure if he/she can run it without e.g.
damaging his/her files on the hard disk.
Here is an example of a naive use of Secure:
; create a sandbox directory, if it doesn't exist already
sandbox: %./sandbox/
if not exists? sandbox [
    make-dir sandbox
]
; give the untrusted script file rights in the sandbox and no file
; rights elsewhere; SECURE returns the previous settings, which we keep
orig-rights: do compose/deep [
    secure [
        net allow
        file throw
        %. [allow read allow execute]
        (sandbox) allow
    ]
]
change-dir sandbox
do %../untrusted.r
print "Untrusted script done."
change-dir %../
; restore the original rights - potentially dangerous operation -
; see below
do reduce ['secure :orig-rights]
Although the above looks all right, if the untrusted script looks
like:
Rebol [
    File: %untrusted.r
]
love-you: func [
    'level [word! block!]   ; a literal argument, like SECURE's, so it can stand in for it
] [
    love-you allow          ; after the swap below, LOVE-YOU holds the real SECURE
    print "I love you!"
]
; swap the values of the two words: the global word SECURE now runs LOVE-YOU,
; which grants everything when the host later "restores" its rights
set [love-you secure] reduce [:secure :love-you]
the user's files may get damaged, which implies that restoring
the security level after executing an untrusted script is
dangerous!
What do you think?
Ladislav
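A defensive variant of the host-side code, added here as an example and not part of Ladislav's post: the host keeps its own reference to the native SECURE in a function-local word, restores rights only through that reference, and refuses to restore at all if the global word SECURE no longer holds the native after the script ran. It assumes Rebol 2 semantics (SECURE returns the previous settings, WHAT-DIR returns the current directory as a file!) and the same sandbox layout as the post.

```rebol
REBOL [
    Title: "Run an untrusted script without trusting the global word SECURE"
    ; Added example, not from the original post or the Rebol distribution.
    ; Uses the same DO COMPOSE / DO REDUCE forms as the post to pass blocks
    ; to SECURE, which takes a literal argument.
]

run-untrusted: func [
    "Do SCRIPT with file rights limited to SANDBOX; returns TRUE if rights were restored"
    script [file!] "untrusted script, path relative to SANDBOX"
    sandbox [file!] "directory the script may write to"
    /local native-secure orig-rights orig-dir
] [
    ; private reference to the native, taken before anything untrusted runs;
    ; a /local word is not visible in the global context the script runs in
    native-secure: :secure
    orig-dir: what-dir
    orig-rights: do compose/deep [
        native-secure [
            net allow
            file throw
            %. [allow read allow execute]
            (sandbox) allow
        ]
    ]
    change-dir sandbox
    do script
    change-dir orig-dir
    ; the post's untrusted.r swaps the values of SECURE and LOVE-YOU, so the
    ; global word no longer holds the native; restore only through our own
    ; reference, and only if the global word was left alone
    either same? :secure :native-secure [
        do reduce [:native-secure orig-rights]
        true
    ] [
        print "Untrusted script rebound SECURE; rights left restricted."
        false
    ]
]

if not exists? %./sandbox/ [make-dir %./sandbox/]
print either run-untrusted %../untrusted.r %./sandbox/ ["rights restored"] ["rights kept restricted"]
```

The identity check only catches the swap shown in the post; a script may rebind any other global word too, so when the session must go on running with full rights afterwards, run the untrusted script in a separate Rebol process instead.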