最终,最安全的方法是创建您自己的解释器,该解释器根本不具备让恶意脚本执行任何破坏性任务的功能(即它们对现实世界没有影响),这是一个可以写满书籍的主题。解释器将代码转换为可由虚拟机执行的格式,虚拟机模拟您想要支持的任何系统功能并提供沙盒系统调用(尽管后者也可以由您创建的解释器库提供)。基于虚拟机的项目允许您支持多种语言,而无需为每种语言创建执行器。 Microsoft 的 CLI 和 VES 提供了一个示例。
The simplest option is to run a sandboxed virtual server. You can also try the PHP sandbox, though it doesn't look to be sufficient.
Ultimately, the safest approach would be to create your own interpreters that simply don't have capabilities that would let malicious scripts perform any damaging tasks (i.e. they have no affect in the real world), which is a topic that can fill books. The interpreter translates the code into a format that can be executed by a VM, which emulates whatever system features you want to support and provides sandboxed system calls (though the latter can also be provided by interpreter libraries you create). Basing the project on a VM allows you to support multiple languages without having to create an executor for each. Microsoft's CLI and VES provide an example of this.
发布评论
评论(1)
最简单的选择是运行沙盒虚拟服务器。您还可以尝试 PHP 沙箱,尽管它看起来并不充足的。
最终,最安全的方法是创建您自己的解释器,该解释器根本不具备让恶意脚本执行任何破坏性任务的功能(即它们对现实世界没有影响),这是一个可以写满书籍的主题。解释器将代码转换为可由虚拟机执行的格式,虚拟机模拟您想要支持的任何系统功能并提供沙盒系统调用(尽管后者也可以由您创建的解释器库提供)。基于虚拟机的项目允许您支持多种语言,而无需为每种语言创建执行器。 Microsoft 的 CLI 和 VES 提供了一个示例。
当谈到包含更多信息的书籍时,基本上是关于 编译器/解释器 和 虚拟机 是基本的相关性。有关 VM 的更多信息,另请参阅“有关制作 VM 的优秀文献”, “简单解释语言设计和实现”。
The simplest option is to run a sandboxed virtual server. You can also try the PHP sandbox, though it doesn't look to be sufficient.
Ultimately, the safest approach would be to create your own interpreters that simply don't have capabilities that would let malicious scripts perform any damaging tasks (i.e. they have no affect in the real world), which is a topic that can fill books. The interpreter translates the code into a format that can be executed by a VM, which emulates whatever system features you want to support and provides sandboxed system calls (though the latter can also be provided by interpreter libraries you create). Basing the project on a VM allows you to support multiple languages without having to create an executor for each. Microsoft's CLI and VES provide an example of this.
When it comes to books with more information, basically anything on compilers/interpreters and virtual machines is of primary relevance. For more on VMs, see also "Good literature about making a VM", "Simple Interpreted Language Design & Implementation".