Eval, SAFE, and Sandbox

Discussion in 'Ruby' started by Simon Mcbryan, May 21, 2010.

  1. Hello Ruby Forum.

    I am working on a personal project that will need people to be able to
    submit bits of Ruby code so that my project can run it (eval). I know
    there is a lot of danger in this and wonder if there are any solid ways
    to avoid malicious attacks.

    From what I have read and seen on Google, there is the $SAFE (=4)
    variable which is supposed to prevent many vulnerabilities, but at the
    same time, there are many sources saying this is not reliable. Also, I
    have seen that a year or 2 ago, there was a popular Ruby project called
    Sandbox, created by a whytheluckystiff, who has apparently disappeared
    off the face of the planet, and thus killing the project.

    So I am wondering if I should attempt to work off Sandbox, although I
    don't think it is maintained or updated to the newer Ruby versions
    (1.8.7+). I am pretty new to the whole metaprogramming world, so I am
    not sure if I could handle this either. Or should I try to create my
    own system, using $SAFE, disallowing known loopholes, running in a
    thread with a kill time and timeout limit, etc. Or is there an
    alternative to Sandbox that I should be looking at that my research has
    not turned up? Thanks for your time.

    - simon
    --
    Posted via http://www.ruby-forum.com/.
    Simon Mcbryan, May 21, 2010
    #1

  2. Simon McBryan, May 22, 2010
    #2

  3. Simon Mcbryan

    Josh Cheek Guest

    [Note: parts of this message were removed to make it a legal post.]

    On Sat, May 22, 2010 at 11:27 AM, Simon McBryan <> wrote:

    > Andrew Mcelroy wrote:
    > > Look at Try Ruby.
    > > $SAFE > 3 won't work in a repl, btw
    > >
    > > Andrew McElroy
    > > http://TryRuby.org

    >
    > Cool, thanks, looks like this should do the trick.
    > --
    > Posted via http://www.ruby-forum.com/.
    >
    >

    If you're on a Mac, you might try Dia. http://github.com/robgleeson/Dia
    Josh Cheek, May 23, 2010
    #3
  4. On 5/21/10, Simon Mcbryan <> wrote:
    > Hello Ruby Forum.
    >
    > I am working on a personal project that will need people to be able to
    > submit bits of Ruby code so that my project can run it (eval). I know
    > there is a lot of danger in this and wonder if there are any solid ways
    > to avoid malicious attacks.
    >
    > From what I have read and seen on Google, there is the $SAFE (=4)
    > variable which is supposed to prevent many vulnerabilities, but at the
    > same time, there are many sources saying this is not reliable. Also, I
    > have seen that a year or 2 ago, there was a popular Ruby project called
    > Sandbox, created by a whytheluckystiff, who has apparently disappeared
    > off the face of the planet, and thus killing the project.
    >
    > So I am wondering if I should attempt to work off Sandbox, although I
    > don't think it is maintained or updated to the newer Ruby versions
    > (1.8.7+). I am pretty new to the whole metaprogramming world, so I am
    > not sure if I could handle this either. Or should I try to create my
    > own system, using $SAFE, disallowing known loopholes, running in a
    > thread with a kill time and timeout limit, etc. Or is there an
    > alternative to Sandbox that I should be looking at that my research has
    > not turned up? Thanks for your time.


    $SAFE is unlikely to be good enough. Even why's sandbox probably has
    some vulnerabilities.

    Depending on what you're doing, you could try running inside a virtual
    machine or FreeBSD jail. These are general-purpose sandbox facilities,
    not Ruby-specific. That's somewhat difficult to set up, but they
    should be very solid choices.

    All these ideas could be combined. That is, you run with $SAFE=4, in
    why's sandbox, inside a jail in a FreeBSD installation running in a
    virtual machine. That way, you have multiple layers of protection, and
    the best of all worlds.

    Another idea: if you want to use JRuby, you could take advantage of
    the JVM's sandboxing capabilities. I believe this would require some
    custom Java security manager programming.
    Caleb Clausen, May 23, 2010
    #4
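
Added example, not part of any post in this thread: one more layer in the spirit of the layered approach described above. Submitted code runs in a separate interpreter process (not an in-process eval or thread) with a kernel-enforced CPU limit, a wall-clock kill, a scrubbed environment and an output cap. `run_untrusted` and its parameters are hypothetical names, and a POSIX host is assumed; this does not restrict filesystem or network access, which is what the jail or VM layer is for.

```ruby
require "rbconfig"

# Run submitted Ruby in a separate interpreter process instead of eval'ing it
# in the host. Returns { status: :ok | :failed | :timeout | :output_limit, stdout: String }.
def run_untrusted(source, wall_seconds: 2, cpu_seconds: 1, max_output: 4096)
  rd, wr = IO.pipe
  pid = Process.spawn(
    {}, RbConfig.ruby, "--disable-gems", "-e", source,
    unsetenv_others: true,       # child inherits no environment (API keys, DB URLs)
    in: File::NULL, out: wr, err: File::NULL,
    pgroup: true,                # own process group, so forked helpers die with it
    rlimit_cpu: cpu_seconds,     # the kernel ends a busy loop, not a Ruby thread
    rlimit_core: 0               # no core dumps left on disk
  )
  wr.close
  out = String.new
  status = :ok
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + wall_seconds
  loop do
    remaining = deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
    unless remaining > 0 && IO.select([rd], nil, nil, remaining)
      status = :timeout          # still running (e.g. sleeping) at the deadline
      break
    end
    chunk = rd.read_nonblock(1024, exception: false)
    break if chunk.nil?          # EOF: every writer has exited or closed stdout
    next if chunk == :wait_readable
    out << chunk
    if out.bytesize > max_output
      status = :output_limit     # stop reading; do not buffer unbounded output
      break
    end
  end
  begin
    Process.kill("KILL", -pid)   # negative pid targets the whole process group
  rescue Errno::ESRCH, Errno::EPERM
    # group already gone
  end
  _, exit_status = Process.wait2(pid)
  status = :failed if status == :ok && !exit_status.success?
  { status: status, stdout: out.byteslice(0, max_output) }
ensure
  rd&.close
end
```

A result of `:failed` covers both a non-zero exit and termination by the CPU limit; address-space and file-size limits can be added the same way through the other `rlimit_*` options of `Process.spawn`.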
  5. On Sun, May 23, 2010 at 7:43 AM, Caleb Clausen <> wrote:
    > $SAFE is unlikely to be good enough. Even why's sandbox probably has
    > some vulnerabilities.


    To be honest, I'm not sure I trust $SAFE because it takes such a
    scattered approach to performance. Basically every operation that
    mutates needs to check for tainting (and now "untrust" in 1.9) or
    there's a hole. That's a lot of code to ensure is always doing the
    right thing.

    Plus C extensions either need to be disabled or audited as well.

    Granted...$SAFE is what's available on MRI, so I don't have another
    solution for non-JRuby users.

    > Another idea: if you want to use JRuby, you could take advantage of
    > the JVM's sandboxing capabilities. I believe this would require some
    > custom Java security manager programming.


    Actually it can often just come down to configuration. "Programming" a
    security manager isn't generally needed to secure a server or sandbox
    an application.

    - Charlie
    Charles Oliver Nutter, May 25, 2010
    #5