Description |
A sandbox is an isolated environment (a thread in our case); Things may go
very badly wrong in the sandbox environment and not effect the environment
that created it. This means that we must try very hard to limit the
influence each environment has on the other. So the prototype and
instructions of entry point "Closures" are verified to ensure they will not
reduce or break isolation.
In practice this means entry point closures must not:
* accept or return by reference
* accept or return objects
* execute a limited set of instructions
Instructions prohibited directly in the sandbox are:
* declare (anonymous) function
* declare (anonymous) class
* lexical scope access
* yield
No instructions are prohibited in the files which the sandbox may include,
but allowing these instructions directly in the code which the sandbox
executes at entry would break the isolation of the sandbox such that we
couldn't be sure the system would remain stable.
With these restrictions in place, we can be sure that a sandbox may do
anything up to but excluding making PHP segfault, and not effect the
environment that created it. |