Rev Sandbox?

Jan Schenkel janschenkel at yahoo.com
Sun Nov 9 08:02:00 EST 2003


--- Jim Lyons <jimlyons at earthlink.net> wrote:
> Recently, Dan Schafer wrote:
> > (One of these days I'll understand the
> > mentality vandals who derive joy from merely
> disrupting the lives and
> > sanity of others. On second thought, I hope I
> never do understand that.
> > It's abominable.)
> 
> A dark thought that has been lurking in my
> world-weary mind is the risk
> we take by downloading stacks and running them on
> our machines. As more
> and more folks discover Revolution, there are more
> and more things to
> share and check out. So far, we have a cozy,
> friendly community of users
> and none of us would think of using Rev for anything
> disruptive, or
> worse. I feel pretty confident downloading things
> from the sites of
> people we have come to "know" here on the list. But
> we all know very
> well that some innocent looking little "Christmas
> Message" stack could
> conceal anything from a prank to a disaster. With
> Rev's internet
> capabilities, I suppose it could even be used to
> launch a worm.
> 
> So what can we do, other than only run stacks from
> reputable sources? I
> know there's no way to scan a stack and tell if it's
> evil. Would it be
> possible to devise a kind of sandbox to test new
> stacks in, that would
> prevent and report on attempts to write to the disk
> drive, send
> something over the net, etc?
> 
> Hoping for a better world,
> Jim Lyons
> 

Hi Jim,

Have a look at the global property 'secureMode' --
from its entry in the Transcript Dictionary : 

"Comments:
If the secureMode property is set to true, the
application cannot use the get, put, open file, read
from file, or write to file commands to gain access to
local files. The application cannot run programs with
the shell function, the open process command, or the 
launch command. On Windows systems, it cannot use the
deleteRegistry, queryRegistry, or setRegistry
functions to access the Windows system registry."

You could build a small player standalone that sets
secureMode to true on startup, and where you can enter
the URL and run it from there.

Hope this helped,

Jan Schenkel.

=====
"As we grow older, we grow both wiser and more foolish at the same time."  (La Rochefoucauld)

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree


More information about the Use-livecode mailing list