473,702 Members | 2,325 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Ruby/Python/REXX as a MUCK scripting language

I'm interested in using an off-the-shelf interpreted language as a
user-accessible scripting language for a MUCK. I'm just not sure if I
can find one that does everything I need. The MUCK must be able to
call the interpreter and execute scripts with it, but the interpreter
must also be able to call functions in the MUCK code. And then there's
the security issue that really worries me. . . I have to be able to
limit what the interpreter can execute. I can't have my users running
scripts that access the console, access the filesystem or sockets
directly, or call libraries or other binaries outside the MUCK.

Is this practical? I'm thinking of Ruby or Python for this, if they
can meet the requirements.

I might even consider REXX. . . I remember ARexx from my Amiga days,
and how great it was for string manipulation and application scripting.
However. . . My immediate target platform, Mac OS X, comes with Ruby
and Python but not REXX, so that's a disadvantage.

My final option would be to create my own language interpeter where I
have control over everything that happens. That is what MUCKs have
always done in the past. But the result was always quirky, limited
languages like MUF (Multi-User Forth) which really turn off a lot of
coders. Furthermore, I've never created a language before, and it
would be a lot of extra work for me.

--
Tony Belding, Hamilton Texas

Nov 24 '06 #1
12 2945

Tony Belding wrote:
I'm interested in using an off-the-shelf interpreted language as a
user-accessible scripting language for a MUCK. I'm just not sure if I
can find one that does everything I need. The MUCK must be able to
call the interpreter and execute scripts with it, but the interpreter
must also be able to call functions in the MUCK code. And then there's
the security issue that really worries me. . . I have to be able to
limit what the interpreter can execute. I can't have my users running
scripts that access the console, access the filesystem or sockets
directly, or call libraries or other binaries outside the MUCK.

Is this practical? I'm thinking of Ruby or Python for this, if they
can meet the requirements.

I might even consider REXX. . . I remember ARexx from my Amiga days,
and how great it was for string manipulation and application scripting.
However. . . My immediate target platform, Mac OS X, comes with Ruby
and Python but not REXX, so that's a disadvantage.

My final option would be to create my own language interpeter where I
have control over everything that happens. That is what MUCKs have
always done in the past. But the result was always quirky, limited
languages like MUF (Multi-User Forth) which really turn off a lot of
coders. Furthermore, I've never created a language before, and it
would be a lot of extra work for me.

--
Tony Belding, Hamilton Texas
Sandboxing is possible in recent versions of Ruby using _why's sandbox
package (http://code.whytheluckystiff.net/sandbox/). For a MUCK a
custom language might be better though - creating sandboxes for any
conventional language is likely to be too expensive to repeat for a
thousand objects at regular intervals. A custom language would make it
much easier to manage security while retaining decent performance.

Nov 25 '06 #2
Tony Belding wrote:
Is this practical? I'm thinking of Ruby or Python for this, if they
can meet the requirements.
Python had a sandbox module, but is was discarded because of security
problems.

If you want it working on MacOS, you may also have a look at Tcl, which has
a long tradition on MacOS and it comes with a very good implemented and
fully customizable sandbox. For a starting point, if Tcl sandbox meets your
requirements, have a look here:

Safe Tcl Overview: http://www.tcl.tk/software/plugin/safetcl.html
Docs about the specific Tcl commands, to create safe interpreters:
http://www.tcl.tk/man/tcl8.4/TclCmd/interp.htm (See in the lower third of
the page at "Safe Interpreters")
http://www.tcl.tk/man/tcl8.4/TclCmd/safe.htm

Regards
Stephan
Nov 25 '06 #3
In article <7f************ *****@newsread1 .news.pas.earth link.net>,
Dennis Lee Bieber <wl*****@ix.net com.comwrote:
>On Fri, 24 Nov 2006 18:11:21 -0600, Tony Belding <zo****@techie. com>
declaimed the following in comp.lang.pytho n:
>the security issue that really worries me. . . I have to be able to
limit what the interpreter can execute. I can't have my users running

That is going to be the killer... Python no-longer ships with a
"secure sandbox" module, because there were always ways to work around
it.
Nov 25 '06 #4

Tony Belding wrote:
I'm interested in using an off-the-shelf interpreted language as a
user-accessible scripting language for a MUCK. I'm just not sure if I
can find one that does everything I need. The MUCK must be able to call
the interpreter and execute scripts with it, but the interpreter must
also be able to call functions in the MUCK code. And then there's the
security issue that really worries me. . . I have to be able to limit
what the interpreter can execute. I can't have my users running scripts
that access the console, access the filesystem or sockets directly, or
call libraries or other binaries outside the MUCK.

Is this practical? I'm thinking of Ruby or Python for this, if they can
meet the requirements.
Don't forget Lua: www.lua.org
It fulfills your requirements and is easily embedable.

Nov 25 '06 #5
Hi Tony,

Tony Belding wrote:
I'm interested in using an off-the-shelf interpreted language as a
user-accessible scripting language for a MUCK. I'm just not sure if I
can find one that does everything I need. The MUCK must be able to call
the interpreter and execute scripts with it, but the interpreter must
also be able to call functions in the MUCK code. And then there's the
security issue that really worries me. . . I have to be able to limit
what the interpreter can execute. I can't have my users running scripts
that access the console, access the filesystem or sockets directly, or
call libraries or other binaries outside the MUCK.

Is this practical? I'm thinking of Ruby or Python for this, if they can
meet the requirements.

I might even consider REXX. . . I remember ARexx from my Amiga days,
and how great it was for string manipulation and application scripting.
However. . . My immediate target platform, Mac OS X, comes with Ruby
and Python but not REXX, so that's a disadvantage.

My final option would be to create my own language interpeter where I
have control over everything that happens. That is what MUCKs have
always done in the past. But the result was always quirky, limited
languages like MUF (Multi-User Forth) which really turn off a lot of
coders. Furthermore, I've never created a language before, and it would
be a lot of extra work for me.
Well, a few remarks here ad the REXX options that would be available to you:

- REXX (there was its 25th anniversary celebrated in 2004) has an object-oriented successor that
still can execute plain REXX code, but is realized as an object-oriented language: Object REXX. It
got originally developed by IBM, after their big customers indicated that they would be interested
in it. In 1997 Object REXX became part of OS/2 Warp 4. IBM sold Object REXX for AIX and Windows.

- In 2004 after negotiations took place with the non-profit Rexx Language Association (RexxLA,
http://www.RexxLA.org), IBM handed the source code of Object REXX over to the RexxLA which created a
free and open source version and distributed it in April 2005 for the first time as Open Object Rexx
(ooRexx) 3.0, cf. <http://www.ooRexx.org> ).

- The ooRexx source-code is hosted on Sourceforge and uses the Common Public License (CPL) 1.0 (cf.
<http://www.opensource. org/licenses/cpl1.0.php>). This means that you can freely use the code, edit
it your way and make it even part of your own (even commercial) product.

- This week a new drop of ooRexx, version 3.1.1, has been released, with binaries built for AIX
(first time that an official ooRexx binary got build for it!), Linux, MacOSX (first time that an
official ooRexx binyry got build for it PPC, Intel), Solaris (Intel, Sparc), and Windows.
[Additional binaries for additional environments can be built using the autoconf tools.]
So ooRexx has been made available for your main target platform for your MUCK application.

- Ad your needs w.r.t. calling functions of your MUCK applicaiton: yes, that is possible (and not
difficult at all).

- Ad your needs w.r.t. security needs of your MUCK application: yes, that is possible (and not
difficult at all):
Because of the history of ooRexx (it was a commercial product to be deployed at large sites,
security was a paramount issue), there is a Security Manager built into ooRexx.
The ooRexx security architecture is quite interesting, easy to use, very flexible as it allows you
to create as many differenct security policy rules as you may wish. The ooRexx security manager will
monitor all potential insecure actions from REXX and ooRexx programs (like accessing the
environment, accessing streams, accessing functions etc.) and inform the policy program about such
intended, possibly secure-threatening operations. The policy program then is able to decide to let
the action through, to execute a secure operation instead without the supervised REXX or ooRexx
program noticing this (!), or stop the execution of the supervised program alltogether.
If you are interested in this and need ideas, help for your MUCK needs, then please post, such that
people over here (ie. the <news:comp.lang .rexx>) can help you out.

- Ad ooRexx in general: it is an easy to learn and easy to use (follows still the original REXX
philosophy to be a "human centric" language!!), fully object-oriented language (influenced by
Smalltalk). There is a small, tutorial-like paper (written for this year's European Conference of
Object-Oriented Programming, ECOOP, workshop named "Revival of Dynamic Languages (RDL)
<http://prog.vub.ac.be/~wdmeuter/RDL06/>", which really gives a brief overview of the history and
the (interesting) features of the ooRexx langauge, entitled "Resurrecti ng REXX, Introducing Object
Rexx", to enable reflection and discussion of the language and its interesting concepts, cf.:
<http://prog.vub.ac.be/~wdmeuter/RDL06/Flatscher.pdf>. At the end of the paper there are a few, but
actually quite impressive nutshell examples, demonstrating the ease and power of ooRexx in different
environments.

- Ad prospects of ooRexx: ooRexx is actively being developed and enhanced. The RexxLA has been
organizing a yearly "Internatio nal Rexx Symposium", the 2007 symposium to probably take place in
Tampa, Florida, USA, from April 29th, 2007, through May 3rd, 2007. Maybe you or your partners may
want to stop by there (the conferences are rather personal, you get to meet everyone in person who
has been actively developing ooRexx and ooRexx applications)? 8-))

Again, if you have any questions, please post them.

Regards,

---rony

P.S.: I have been using ooRexx in classes introducing MIS students to oo-concepts and programming,
such that "enduser-programmer" kind of people can successfully deploy their acquired skills to
automate/remote-control/script Windows, Windows applications, but also Java and Java applications
and applications like OpenOffice/StarOffice possessing Java interfaces. As a matter of fact, such
students become able to create scripts to drive e.g. OpenOffice which run unchanged e.g. on MacOS,
Linux and Windows, which is actually very cost-effective and impressive, if one thinks about it!

Nov 25 '06 #6
i
Tony Belding skrev:
I'm interested in using an off-the-shelf interpreted language as a
user-accessible scripting language for a MUCK. I'm just not sure if I
can find one that does everything I need. The MUCK must be able to
call the interpreter and execute scripts with it, but the interpreter
must also be able to call functions in the MUCK code. And then there's
the security issue that really worries me. . . I have to be able to
limit what the interpreter can execute. I can't have my users running
scripts that access the console, access the filesystem or sockets
directly, or call libraries or other binaries outside the MUCK.

Is this practical? I'm thinking of Ruby or Python for this, if they
can meet the requirements.

I might even consider REXX. . . I remember ARexx from my Amiga days,
and how great it was for string manipulation and application scripting.
However. . . My immediate target platform, Mac OS X, comes with Ruby
and Python but not REXX, so that's a disadvantage.

My final option would be to create my own language interpeter where I
have control over everything that happens. That is what MUCKs have
always done in the past. But the result was always quirky, limited
languages like MUF (Multi-User Forth) which really turn off a lot of
coders. Furthermore, I've never created a language before, and it
would be a lot of extra work for me.

--
Tony Belding, Hamilton Texas
Regina REXX har a "restricted mode", but it doesn't allow external
calls so this is probably not a solution for You. Nevertheless, here
is an excerpt from the manual about that mode:

"2.6.3Regin a Restricted Mode
Many language interpreters provide a mechanism where code executed
within that interpreter is
limited to affecting the environment of the interpreter and cannot
change the external environment
in which the interpreter runs.
Restricted mode is used in situations where you need to guarantee that
the author of a Rexx
program is unable to affect the user's environment.
Situations where a restricted mode is applicable include, using Regina
as a database procedural
language, or as a language plug-in for a Web browser.
Features of Regina that are disabled in restricted mode are:
· LINEOUT, CHAROUT, POPEN, RXFUNCADD BIFs
· "OPEN WRITE", "OPEN BOTH" subcommands of STREAM BIF
· The "built-in" environments eg. SYSTEM, CMD or PATH of ADDRESS
command
· Setting the value of a variable in the external environment with
VALUE BIF.
· Calling external functions
To run Regina in restricted mode, you can start the Regina interpreter
from the command line with
the '-r' switch, or when using the Rexx SAA API, or-ing RXRESTRICTED to
the CallType
parameter of RexxStart() function."

Thomas Berg

Nov 26 '06 #7
In article <20061124181121 16807-zobeid@techieco m>,
Tony Belding <zo****@techie. comwrote:
My final option would be to create my own language interpeter...
If you're capable of doing that, I'd have thought you'd be capable of
taking the source code for Regina and modifying it so that either no
commands are passed to an external environment, or that only some are.
Surely that'd be less work than creating something from scratch.

--
Jeremy C B Nicoll, Edinburgh, Scotland - my opinions are my own.
Nov 26 '06 #8
Have you considered JavaScript Spidermonkey or JavaScript Rhino?
Sandboxing is automatic, and lots of people know the language already
(although fewer people are familiar with its dynamic object-oriented
capabilities).

Tony Belding wrote:
I'm interested in using an off-the-shelf interpreted language as a
user-accessible scripting language for a MUCK. I'm just not sure if I
can find one that does everything I need. The MUCK must be able to
call the interpreter and execute scripts with it, but the interpreter
must also be able to call functions in the MUCK code. And then there's
the security issue that really worries me. . . I have to be able to
limit what the interpreter can execute. I can't have my users running
scripts that access the console, access the filesystem or sockets
directly, or call libraries or other binaries outside the MUCK.

Is this practical? I'm thinking of Ruby or Python for this, if they
can meet the requirements.

I might even consider REXX. . . I remember ARexx from my Amiga days,
and how great it was for string manipulation and application scripting.
However. . . My immediate target platform, Mac OS X, comes with Ruby
and Python but not REXX, so that's a disadvantage.

My final option would be to create my own language interpeter where I
have control over everything that happens. That is what MUCKs have
always done in the past. But the result was always quirky, limited
languages like MUF (Multi-User Forth) which really turn off a lot of
coders. Furthermore, I've never created a language before, and it
would be a lot of extra work for me.

--
Tony Belding, Hamilton Texas
Nov 27 '06 #9
Fred Bayer a écrit :
>
Tony Belding wrote:
>I'm interested in using an off-the-shelf interpreted language as a
user-accessible scripting language for a MUCK. I'm just not sure if I
can find one that does everything I need. The MUCK must be able to
call the interpreter and execute scripts with it, but the interpreter
must also be able to call functions in the MUCK code. And then
there's the security issue that really worries me. . . I have to be
able to limit what the interpreter can execute. I can't have my users
running scripts that access the console, access the filesystem or
sockets directly, or call libraries or other binaries outside the MUCK.

Is this practical? I'm thinking of Ruby or Python for this, if they
can meet the requirements.

Don't forget Lua: www.lua.org
It fulfills your requirements and is easily embedable.
I Agree with F.Bayer, when reading OP post, I immediatly think about Lua.

Nov 27 '06 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

220
19044
by: Brandon J. Van Every | last post by:
What's better about Ruby than Python? I'm sure there's something. What is it? This is not a troll. I'm language shopping and I want people's answers. I don't know beans about Ruby or have any preconceived ideas about it. I have noticed, however, that every programmer I talk to who's aware of Python is also talking about Ruby. So it seems that Ruby has the potential to compete with and displace Python. I'm curious on what basis it...
49
2851
by: Ville Vainio | last post by:
I don't know if you have seen this before, but here goes: http://text.userlinux.com/white_paper.html There is a jab at Python, though, mentioning that Ruby is more "refined". -- Ville Vainio http://www.students.tut.fi/~vainio24
13
2705
by: Wayne Folta | last post by:
I've been a long-time Perl programmer, though I've not used a boatload of packages nor much of the tacky OO. A couple of years ago, I decided to look into Python and Ruby. Python looked OK, but not that different. I did like the indent-as-group idea, which was different. Ruby looked very cool. But it was impossible to get good documentation. It seemed like a Japanese cult with a few western initiates. Well, MacOS X ships with Perl,...
30
3457
by: Christian Seberino | last post by:
How does Ruby compare to Python?? How good is DESIGN of Ruby compared to Python? Python's design is godly. I'm wondering if Ruby's is godly too. I've heard it has solid OOP design but then I've also heard there are lots of weird ways to do some things kinda like Perl which is bad for me. Any other ideas?
77
4042
by: Hunn E. Balsiche | last post by:
in term of its OO features, syntax consistencies, ease of use, and their development progress. I have not use python but heard about it quite often; and ruby, is it mature enough to be use for developing serious application, e.g web application as it has not many features in it yet. I've given up on Perl for its ugly syntax and it is not the easiest language to learn. How about PHP? Thanks
24
2314
by: Matt Feinstein | last post by:
Hi all-- I'm new to Python, and was somewhat taken aback to discover that the core language lacks some basic numerical types (e.g., single-precision float, short integers). I realize that there are extensions that add these types-- But what's the rationale for leaving them out? Have I wandered into a zone in the space/time continuum where people never have to read binary data files? Matt Feinstein
89
5117
by: Radioactive Man | last post by:
In python 2.3 (IDLE 1.0.3) running under windows 95, I get the following types of errors whenever I do simple arithmetic: 1st example: >>> 12.10 + 8.30 20.399999999999999 >>> 1.1 - 0.2 0.90000000000000013
11
1590
by: Adonis | last post by:
What I do not understand, or not clear to me I should say, is how can some people regard Python as a scripting language? In particular the JAVA crowd. Unless my understanding is off, and from what I can gather from googling, is that Python is compiled implicitly into bytecode then read into the interpreter, and in JAVA you must compile explicitly before it is interpreted, both have virtual machines, so why such a label since there is...
65
5519
by: Amol Vaidya | last post by:
Hi. I am interested in learning a new programming language, and have been debating whether to learn Ruby or Python. How do these compare and contrast with one another, and what advantages does one language provide over the other? I would like to consider as many opinions as I can on this matter before I start studying either language in depth. Any help/comments are greatly appreciated. Thanks in advance for your help.
0
8739
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8652
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9234
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
8983
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
8940
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
6575
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
4667
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3107
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2402
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.