Roku Developer Program

Developers and content creators—a complete solution for growing an audience directly.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kbenson
Level 7

RUN() and a clean execution environment

What's the chances of getting a function like RUN() that sequesters the PKG:/ root away from the newly running code?

It would greatly reduce work on our end for our upcoming project. It's not required, but it would be SOOO much easier.
-- GandK Labs
Check out Reversi! in the channel store!
0 Kudos
3 REPLIES 3\
kbenson
Level 7

Re: RUN() and a clean execution environment

I actually have what appears to be a decent way to prevent the file access, but would prefer something more... definitive.

You can include in the name of the source files in the original package characters that BrightScript can't read (e.g. "?"), and then no access of the file seems to work from within BrightScript.
-- GandK Labs
Check out Reversi! in the channel store!
0 Kudos
RokuKevin
Level 9

Re: RUN() and a clean execution environment

We do not currently have any plans to restrict access to the pkg:/ contents within Run(). You should only try to Run() code that you trust (maybe via ssl mutual auth with roku-x-reserved-header).

Is there some special usage case I'm missing?

--Kevin
0 Kudos
kbenson
Level 7

Re: RUN() and a clean execution environment

"RokuKevin" wrote:
We do not currently have any plans to restrict access to the pkg:/ contents within Run(). You should only try to Run() code that you trust (maybe via ssl mutual auth with roku-x-reserved-header).

Is there some special usage case I'm missing?


Vetted third party code. While reviewed, flagged and scrubbed, it's possible to miss possible access of original pkg:/ files (human error), and I'm trying to provide a high level of assurance. If the code in question is dynamically downloaded and run over a secure system, it itself becomes the weak. There's no way to definitively secure your access methods if he source defining those methods can be accessed and posted to a remote location.

I'll admit it's a fairly limited use case, and I've got a full system defined (policy, manual review, hard limits in current language capabilities) to prevent that access, but a definitive way not based on a current language limitation would be better than relying on just that limitation and code review (which would be used regardless of the Roku's ability to chroot code).

I believe my current methods DO provide a high level of assurance (you can get quite far through flagging certain language features as off limits or requiring quite a bit more thorough review), but the more blocks in place the better.
-- GandK Labs
Check out Reversi! in the channel store!
0 Kudos