Sandbox Functions
sandbox
Execute untrusted code in a secure environment.
Syntax
sandbox(str)
sandbox(str, varin)
varout = sandbox(str)
varout = sandbox(str, varin)
Description
sandbox(str) executes the statements in string str. Functions which might do harm if used improperly are disabled; they include those related to the file system, to devices and to the network. Global and persistent variables are forbidden as well; but local variables can be created. The same restrictions apply to functions called directly or indirectly by statements in str. The purpose of sandbox is to permit the evaluation of code which comes from untrusted sources, such as the Internet.
sandbox(str,varin) evaluates the statements in string str in a context with local variables equal to the fields of structure varin.
With an output argument, sandbox collects the contents of all variables in the fields of a single structure.
An error is thrown when the argument of sandbox attempts to execute one of the functions which are disabled. This error can be caught by a try/catch construct outside sandbox, but not inside its argument, so that unsuccessful attempts to circumvent the sandbox are always reported to the appropriate level.
Examples
Evaluation of two assignments; the second value is displayed, and the variables are discarded at the end of the evaluation.
sandbox('a=2; b=3:5');
  b =
    3 4 5
Evaluation of two assignments; the contents of the variables are stored in structure result.
result = sandbox('a=2; b=3:5;')
  result =
    a: 2
    b: real 1x3
Evaluation with local variables x and y initialized from the fields of a structure. Variable z is local to the sandbox.
in.x = 12;
in.y = 1:10;
sandbox('z = x + y', in);
  z =
    13 14 15 16 17 18 19 20 21 22
Attempt to execute the untrusted function fopen and to hide it from the outside. Both attempts fail: fopen is trapped and the security violation error is propagated outside the sandbox.
sandbox('try; fd=fopen(''/etc/passwd''); end');
  Security violation 'fopen'
See also
sandboxtrust
Escape the sandbox restrictions.
Syntax
sandboxtrust(fun)
Description
sandboxtrust(fun) sets a flag associated with function fun so that fun is executed without restriction, even when called from a sandbox. All functions called directly or indirectly from a trusted function are executed without restriction, except if a nested call to sandbox is performed. Argument fun can be a function reference or the name of a function as a string; the function must be a user function, not a built-in one.
The purpose of sandboxtrust is to give back some of the capabilities of unrestricted code to code executed in a sandbox. For instance, if insecure code must be able to read the contents of a specific file, a trusted function should be written for that. It is very important for the trusted function to check its arguments carefully, such as file paths or URLs, since those arguments come from the untrusted code.
Example
Function which reads the contents of file 'data.txt':
function data = readFile
  fd = fopen('data.txt');
  data = fread(fd, inf, '*char');
  fclose(fd);
Execution of insecure code which may read this file:
sandboxtrust(@readFile);
sandbox('d = readFile;');
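The description above stresses that a trusted function must validate its arguments, because it runs without restriction on behalf of sandboxed code. The following LME example, added here and not part of the Sysquake documentation, shows a trusted reader that accepts a file name from the sandbox but only opens names on an explicit allow-list; the function name readAllowed and the file names are constructed for the example.

```matlab
% readAllowed: trusted file reader with an argument check (hypothetical name,
% constructed for this example). The check runs before fopen, so a sandboxed
% caller can never turn the trusted function into an arbitrary file reader.
function data = readAllowed(name)
  allowed = {'data.txt', 'config.txt'};   % constructed allow-list
  ok = false;
  if ischar(name)
    for i = 1:length(allowed)
      if strcmp(name, allowed{i})
        ok = true;
      end
    end
  end
  if ~ok
    error('readAllowed: file not permitted');
  end
  fd = fopen(name);
  data = fread(fd, inf, '*char');
  fclose(fd);

% Command-line usage: only readAllowed is trusted; fopen itself stays
% disabled inside the sandbox, so the untrusted code cannot bypass the check.
sandboxtrust(@readAllowed);

% Permitted: the sandboxed code reads data.txt through the trusted function.
out = sandbox('d = readAllowed(''data.txt'');');

% Rejected: the allow-list check throws inside the trusted function and the
% error propagates out of the sandbox, where the caller can handle it.
try
  sandbox('d = readAllowed(''other.txt'');');
catch
  disp('rejected by readAllowed');
end
```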