Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 2 down vote favorite

I'm looking into implementing a system wherein users are able to pass scripts to our server and have them executed. Thankfully there are plenty of resources for Embedding Python into C#. However I am mostly worried about users passing scripts that access system functions and cause undesirable or even malicious results. Main example being: Writing to files on the server unrestricted.

I've been searching for a good way to completely limit a script's access to strictly just the framework classes that we offer clients but most of the hits that I find are basically "here's how you embed a script interpreter in C#" but never mentions any safety concerns like limiting access. Admittedly I could do an initial pass over the script and search for any blacklisted code but there is always the chance to miss something.

There's no requirement about which language gets executed, preferably something that can be compiled ahead of time. The server will be running C# to answer requests and delegating some to the user created code. I'm just having trouble finding any method with any language that limits access from user made code.

share|improve this question
Check out FLEE or NCalc. Both should let you restrict users to permitted types and allow you to expose/create specialized (secure) method wrappers as needed. EDIT: Although these are focused on single expressions (you can make some pretty complex expressions though) perhaps they'll be sufficient for what is needed. – Chris Sinclair Mar 3 at 19:59

1 Answer

up vote 2 down vote accepted

I highly recommend that you use Lua, which is intended for exactly this sort of thing. Every function, whether user-written or built-in, is an entry in a table, so the capabilities of a script can be restricted very easily. Removing the io table, for example, is an easy way to prevent malicious file system changes.

share|improve this answer
It sounds like you're talking about something like Remove functions from os library which sounds like exactly what I'm looking for. I'll check it out tomorrow and check mark your answer if everything works out. Thanks. – Muuski Mar 4 at 11:03
The global environment (symbol table) of any embedded Lua script is under the complete control of the C code that calls that script. The script cannot access anything that doesn't appear in this table, and because it is a Lua table like any other it is simple to remove undesirable elements. Standard Lua libraries are accessed through subtables of the environment, so just deleting the io element prevents access to any I/O functions while leaving the harmless math and string etc. libraries available. – Borodin Mar 4 at 11:34

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.