A sandbox is an isolated environment (a thread in our case); Things may go very badly wrong in the sandbox environment and not effect the environment that created it. This means that we must try very hard to limit the influence each environment has on the other. So the prototype and instructions of entry point “Closures” are verified to ensure they will not reduce or break isolation.
In practice this means entry point closures must not:
Instructions prohibited directly in the sandbox are:
No instructions are prohibited in the files which the sandbox may include, but allowing these instructions directly in the code which the sandbox executes at entry would break the isolation of the sandbox such that we couldn’t be sure the system would remain stable.
With these restrictions in place, we can be sure that a sandbox may do anything up to but excluding making PHP segfault, and not effect the environment that created it.
Package | Signatures | Date | Pharext | ||
---|---|---|---|---|---|
sandbox 0.1.3 |
⤋ phar (171.1 KB) |
# rsa.sig | # gpg.asc | 2019-09-17 | v4.1.2 |
⤋ phar.gz (41.6 KB) |
# rsa.sig | # gpg.asc | 2019-09-17 | v4.1.2 | |
⤋ phar.bz2 (35.3 KB) |
# rsa.sig | # gpg.asc | 2019-09-17 | v4.1.2 | |
sandbox 0.1.2 |
⤋ phar (171.9 KB) |
# rsa.sig | # gpg.asc | 2019-06-13 | v4.1.2 |
⤋ phar.gz (41.9 KB) |
# rsa.sig | # gpg.asc | 2019-06-13 | v4.1.2 | |
⤋ phar.bz2 (35.5 KB) |
# rsa.sig | # gpg.asc | 2019-06-13 | v4.1.2 | |
sandbox 0.1.1 |
⤋ phar (171.1 KB) |
# rsa.sig | # gpg.asc | 2019-01-15 | v4.1.2 |
⤋ phar.gz (41.3 KB) |
# rsa.sig | # gpg.asc | 2019-01-15 | v4.1.2 | |
⤋ phar.bz2 (35.4 KB) |
# rsa.sig | # gpg.asc | 2019-01-15 | v4.1.2 |
Show 1 older version(s) » Show less versions «
curl -sS \
-O https://replicator.pharext.org/phars/sandbox/sandbox-0.1.3.ext.phar \
-O https://replicator.pharext.org/sigs/sandbox/sandbox-0.1.3.ext.phar.sig \
-O https://replicator.pharext.org/sigs/sandbox/sandbox-0.1.3.ext.phar.asc
curl -sSO https://replicator.pharext.org/replicator.pub
openssl dgst \
-verify replicator.pub \
-signature sandbox-0.1.3.ext.phar.sig \
sandbox-0.1.3.ext.phar
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzsDXNox5V0V9GLcnXEu kxnhFs9+/AMm//1qJAoNwP6sgmYShuyI3NDZzCmT7tOIcpqW0I4P8D1Psrftyqbt spedAvyOLCLZXaOuE130aMlvfqEiO+s8ZVZL8aHLE/orLbpOexEs33a1j6shl5C6 MoojzK3uYccL4XJfj0t2nrC+XMfWE9oQGvyLZv3tNCzH4Oy7knWVVy10EKbKgPft izCFR+0mPYw35RN3gAGrug+khnVRMRNpS7B0uZ6E29Bgsrud9l91mVbrL+DaoaSa IFGeYuFGe2ZpHUfxf16S0w7ybPrrJJsD6cYOtwXjRZo+4ux6PdKZ+m3hnKWoj9IF OwIDAQAB -----END PUBLIC KEY-----
curl -sSO https://replicator.pharext.org/4093AEF6.pub
gpg --import 4093AEF6.pub
gpg --verify sandbox-0.1.3.ext.phar.asc \
sandbox-0.1.3.ext.phar
-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFcBXgsBCACfOwNc2jHlXRX0YtydcS6TGeEWz378Ayb//WokCg3A/qyCZhKG 7Ijc0NnMKZPu04hympbQjg/wPU+yt+3Kpu2yl50C/I4sItldo64TXfRoyW9+oSI7 6zxlVkvxocsT+istuk57ESzfdrWPqyGXkLoyiiPMre5hxwvhcl+PS3aesL5cx9YT 2hAa/Itm/e00LMfg7LuSdZVXLXQQpsqA9+2LMIVH7SY9jDflE3eAAau6D6SGdVEx E2lLsHS5noTb0GCyu532X3WZVusv4NqhpJogUZ5i4UZ7ZmkdR/F/XpLTDvJs+usk mwPpxg63BeNFmj7i7Ho90pn6beGcpaiP0gU7ABEBAAG0K1BIQVJleHQgUmVwbGlj YXRvciA8cmVwbGljYXRvckBwaGFyZXh0Lm9yZz6JATcEEwEKACEFAlcBXgsCGwMF CwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQZJhrlUCTrvbYGAgAi120YHruidld uPTUS05/ZLoSn3orKkmkskOsjBrUqJvQHx1s8mqJpNJdbIrgPIxQPHauiE6Fj72q uv6TsVRxM+7VjiCHTbHmDheP5Zcyac7Nd/e62DsCYP7LAAx7MHbQvki6XQg4EsQZ cXMKRYuuizJxNGVUeZpusY5WXmc5PRIigsI4eh/2l96IK/eqTDSZiDUwv9ze+HMf JxOunBZVebYUQ3RYEWx1NseInxbiAnEdGM7phZH43jkohxPLROr3nWBmrJbBqULn m6M5fRucJoldU8VIzMdy0xxu+3PuX8aug96njK448r53wjb7yRf6WLonwjlFqTWq 0tZzZR3Ndw== =avra -----END PGP PUBLIC KEY BLOCK-----