JohnnyStarr
Wizard
Group: Members
Posts: 550
Joined: Feb 14, 2009
|
#1 Posted Oct 30, 2009, 8:49 pm
|
Ok, I know I've started a lot of Ruby threads, but I'm on a kick so here comes another...
I was thinking about using Procs as a sort of script for resets. I dont necessarily mean sandboxing, but it would be an easy way to load game objects. When it comes time to repop,
you could just say "room.reset" which runs that rooms individual script.
I guess the smart thing to do is create a sandbox, but is that really needed when me and my
friends are the only builders?
|
......................... Current Development: Lunacy (a Lua powered Merc project)
|
|
David Haley
Wizard
Group: Members
Posts: 5,731
Joined: Jun 30, 2007
|
#2 Posted Oct 30, 2009, 10:22 pm
|
Generally speaking, it's probably good to sandbox things even if "you" are the only user, because (a) it will make it far easier when you are no longer the only user, and (b) it will make it easier to protect yourself from accidental mistakes. Nick Gammon gave some examples of scripting resets into procedures in this thread from a couple of years ago; it's all in Lua but hopefully the general idea will be clear and easily adaptable for you. I don't believe he really covers sandboxing, though. Still, the system is quite flexible in general, and there is a little bit of discussion there about this approach in general.
|
|
|
Cratylus
Wizard
Group: Members
Posts: 1,224
Joined: May 22, 2006
|
#3 Posted Oct 30, 2009, 11:23 pm
|
Did anybody ask for Lua around here? I didn't. Anyone?
|
|
|
Runter
Wizard
Group: Members
Posts: 1,074
Joined: Jun 1, 2006
|
#4 Posted Oct 30, 2009, 11:27 pm
|
Cratylus said:
Did anybody ask for Lua around here? I didn't. Anyone?
Oh, Crat.
|
|
.........................
-Heath
For once you have tasted flight Ruby you will walk the earth with your eyes turned skywards,
for there you have been and there you will long to return. --
Leonardo Da Vinci Yukihiro Matsumoto
|
|
Runter
Wizard
Group: Members
Posts: 1,074
Joined: Jun 1, 2006
|
#5 Posted Oct 31, 2009, 8:08 am
|
staryavsky said:Ok, I know I've started a lot of Ruby threads, but I'm on a kick so here comes another...
I was thinking about using Procs as a sort of script for resets. I dont necessarily mean sandboxing, but it would be an easy way to load game objects. When it comes time to repop,
you could just say "room.reset" which runs that rooms individual script.
I guess the smart thing to do is create a sandbox, but is that really needed when me and my
friends are the only builders?
Maybe you can give a quick example of what you mean exactly by using Procs as a script?
On a side note, you might look at how you can use #eval to execute code saved as a string. It's pretty interesting, really.
|
|
.........................
-Heath
For once you have tasted flight Ruby you will walk the earth with your eyes turned skywards,
for there you have been and there you will long to return. --
Leonardo Da Vinci Yukihiro Matsumoto
|
|
JohnnyStarr
Wizard
Group: Members
Posts: 550
Joined: Feb 14, 2009
|
#6 Posted Oct 31, 2009, 2:13 pm
|
You know, I guess #eval does exactly what I had in mind. Thanks for the tip.
So here's an example:
Code (text): 1
2
3
4
5
6
7
8
9
10
11
12
13 |
# in room object
@script << "@mobs << world.create_mob_index['shire.mob.bilbo']"
# so when the timer for the rooms repop goes off do
room.script.call # or something to that effect
# or using eval?
eval(room.script)
|
Ok, so maybe this is just pseudo code, but I think the point comes across.
So, the best choice would be a sandbox. I just don't know how to go about it.
|
......................... Current Development: Lunacy (a Lua powered Merc project)
|
|
Runter
Wizard
Group: Members
Posts: 1,074
Joined: Jun 1, 2006
|
#7 Posted Oct 31, 2009, 2:38 pm
|
Yeah, I'm not really sure what you want to sandbox. You want to make it so people who have access to writing the scripts should only be limited to certain facilities in the language?
|
|
.........................
-Heath
For once you have tasted flight Ruby you will walk the earth with your eyes turned skywards,
for there you have been and there you will long to return. --
Leonardo Da Vinci Yukihiro Matsumoto
|
|
|
|
David Haley
Wizard
Group: Members
Posts: 5,731
Joined: Jun 30, 2007
|
#9 Posted Oct 31, 2009, 4:19 pm
|
Tyche said:Following links to embedding LUA in C is about as helpful and useful as posting pictures of turds.
Then it's a good thing nobody linked to a discussion of embedding Lua in C, although it would appear that some of us have reading deficiencies.
Seriously dude, this is getting old. Why are you turning this into some kind of personal war? Are you going to keep up this harassment in every thread from now on?
Runter said:Yeah, I'm not really sure what you want to sandbox. You want to make it so people who have access to writing the scripts should only be limited to certain facilities in the language?
That's the idea, yes. The problem with a full eval is that people can stick whatever they want in there. If you have trusted authors, then you can be pretty sure (hopefully) that they won't be doing things maliciously. But it's still possible to accidentally make mistakes that might not call sys.exit() (or whatever the equivalent is) but might loop incorrectly, etc.
Of course, the real danger isn't code from trusted authors, if you generally assume that they know what they're doing. Having a nice sandboxed environment where certain functions are disabled (OS and process control, especially, in addition to MUD control) makes it much safer to let more people write code. Even if you trust them to not maliciously harm things, you might not trust them to always know what they're doing. And, you can lower the bar on trust slightly if you know they can't delete things randomly.
|
|
|
JohnnyStarr
Wizard
Group: Members
Posts: 550
Joined: Feb 14, 2009
|
#10 Posted Oct 31, 2009, 4:40 pm
|
Ok, well that's very helpful. I was google'ing ruby sandbox gems and there seems to be some out there.
Tyche said:Yes, sandboxing code is pretty easy to do in Ruby.
Do you think you could show an example?
Is FARTs ruby through a sandbox, or did you just decide to create your own mini scripting language?
|
......................... Current Development: Lunacy (a Lua powered Merc project)
|
|
Runter
Wizard
Group: Members
Posts: 1,074
Joined: Jun 1, 2006
|
#11 Posted Oct 31, 2009, 8:37 pm
|
staryavsky said:Ok, well that's very helpful. I was google'ing ruby sandbox gems and there seems to be some out there.
Tyche said:Yes, sandboxing code is pretty easy to do in Ruby.
Do you think you could show an example?
Is FARTs ruby through a sandbox, or did you just decide to create your own mini scripting language?
It would actually be an example I would like to see as well. I'm coming up pretty empty on google search.
|
|
.........................
-Heath
For once you have tasted flight Ruby you will walk the earth with your eyes turned skywards,
for there you have been and there you will long to return. --
Leonardo Da Vinci Yukihiro Matsumoto
|
|
|
|
|
|
JohnnyStarr
Wizard
Group: Members
Posts: 550
Joined: Feb 14, 2009
|
#14 Posted Oct 31, 2009, 11:27 pm
|
I've been playing with the idea of (LEGOS) using Ruby. So far I've had tons of fun with it:
Code (text): 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65 |
class Operator
attr_reader :glyph, :method, :priority
def initialize(g,m,p)
@glyph, @method, @priority = g,m,p
end
def plus(l,r)
e = l + r
e.to_s
end
def minus(l,r)
e = l - r
e.to_s
end
def times(l,r)
e = l * r
e.to_s
end
def divide(l,r)
e = l / r
e.to_s
end
def assign(l,r)
l = r
l.to_s
end
end
# Test
require 'operator'
operators = [
Operator.new("+", :plus, 1),
Operator.new('-', :minus, 1),
Operator.new('/', :divide, 1),
Operator.new('*', :times, 1),
Operator.new('=', :assign, 2)
]
l = 100
r = 200
operators.each {|e| p l.to_s << " " << e.glyph << " " << r.to_s << " = " << e.send(e.method, l, r)}
OUTPUT:
"100 + 200 = 300"
"100 - 200 = -100"
"100 / 200 = 0"
"100 * 200 = 20000"
"100 = 200 = 200"
|
Like I said, just playing around, but I think this might be a good learning experience.
|
......................... Current Development: Lunacy (a Lua powered Merc project)
|
|
Tyche
Wizard
Group: Members
Posts: 1,059
Joined: May 23, 2006
|
#15 Posted Nov 1, 2009, 5:39 pm
|
staryavsky said:Tyche said:Yes, sandboxing code is pretty easy to do in Ruby.
Do you think you could show an example?
Code (text): 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48 |
require 'pp'
module Kernel
def sandbox
Thread.new {
$SAFE = 4
yield
}.join
end
end
class Monster
attr_accessor :state, :level
def initialize s, l
@state, @level = s, l
end
end
# The test script code
script = <<EOD
obj.state = :attack
obj.level = 20
EOD
obj = Monster.new :alert, 16
pp obj
pp obj.tainted?
# Allow object to be used
obj.taint
sandbox do
eval script
end
# Insert code to check object
pp obj
pp obj.tainted?
# Set object to untainted
obj.untaint
# Script should crash with security error here
sandbox do
eval script
end
|
Note this is very very restrictive in term of what you may do. And there is no guarantee that the object(s) exposed to the script are modified in unseemly ways. You can of course write code to examine the objects you've expose to make sure they are still okay. Also a script can be written to loop forever. This can be mitigated by writing a monitor thread that kills scripts that exceed some time threshold.
staryavsky said:
Is FARTs ruby through a sandbox, or did you just decide to create your own mini scripting language?
Yes it's the latter, which has the side effect of being "safe" because nothing "unsafe" was implemented.
It may be a better choice because you can implement a domain specific language that might make more sense to builders and players.
Perhaps one that is based on the familar command interface of the mud itself, like Mushcode is to Mushes or MobProgs is to MercMuds.
|
.........................   
For now we see through a glass, darkly; but then face to face: now I know in part; but then shall I know even as also I am known.
Last edited Nov 1, 2009, 5:59 pm by Tyche
|
|
