Feature Request: Implement a restricted mode #1958

@jhimes144

I'm interested in using IronPython as a scripting language for my app, as I've done benchmarks on many popular .NET scripting solutions and IronPython comes out on top - and speed is important for this app. However, security is also important. I would like to create a platform where users can share their scripts, but not if I cannot lock down the scripts from being able to make any system changes.

The biggest hurdle I'm up against is that IronPython is completely unrestricted. I have resorted to doing the following to sandbox the app, without forking this code base.

  • Modified the sys module to provide only a handful of its members
  • Created a string list of built-in modules to be restricted - based off what I found from IronPython.Modules. Modules like winreg and _thread I have restricted, whereas modules like time I've kept.
  • Created my own import function, which is a copy-paste from source code with modifications to enforce the restricted modules.
  • Removed some built-in methods, such as open

I'm hoping this is enough, but I can't be sure. I'm also hoping that by restricting the builtins, I can use the standard library, and modules from the standard library that use the restricted functionality will just not work.

This issue is a request to implement such a mode in this project.
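
An added sketch of the approach described above, written for standard Python 3 and not taken from the poster's code or from IronPython: a guarded import, a trimmed built-ins table, and an audit that flags allowed modules exposing a restricted module as an attribute. It uses an allow-list instead of the post's list of restricted modules; the function names, the `math` entry and the `shutil`/`os` audit input are assumptions.

```python
import builtins
import importlib
import types

ALLOWED = {"time", "math"}           # "time" is from the post; "math" is assumed
RESTRICTED = {"winreg", "_thread"}   # the two restricted modules the post names
REMOVED_BUILTINS = {"open"}          # the one removed built-in the post names

def make_guarded_import(allowed):
    real_import = builtins.__import__
    def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
        # Decide on the top-level package; refuse relative imports outright.
        top = name.partition(".")[0]
        if level != 0 or top not in allowed:
            raise ImportError("module %r is not permitted" % name)
        return real_import(name, globals, locals, fromlist, level)
    return guarded_import

def run_script(source, allowed=ALLOWED, removed=REMOVED_BUILTINS):
    # Copy the built-ins, drop the removed names, swap in the guarded import.
    safe = {k: v for k, v in vars(builtins).items() if k not in removed}
    safe["__import__"] = make_guarded_import(allowed)
    scope = {"__builtins__": safe}
    exec(compile(source, "<user-script>", "exec"), scope)
    return scope

def audit_allowed(allowed, restricted):
    """Report allowed modules that expose a restricted module as an attribute.

    The guard only sees names the script itself imports, so an allowed module
    that binds a restricted one at module level needs review before it ships.
    """
    findings = {}
    for name in sorted(allowed):
        module = importlib.import_module(name)
        exposed = sorted(
            attr for attr, value in vars(module).items()
            if isinstance(value, types.ModuleType)
            and value.__name__.partition(".")[0] in restricted
        )
        if exposed:
            findings[name] = exposed
    return findings

if __name__ == "__main__":
    # Constructed inputs: "shutil" and "os" are illustrative, not from the post.
    print(audit_allowed({"time", "shutil"}, {"os"}))
    print(run_script("import time\nok = time.time() > 0")["ok"])
```

Running the audit over every candidate for the allowed list before publishing it shows which standard-library modules need a wrapper or have to stay off the list.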
