Sandboxing libraries

Dominik Werder

Hello!

In my program I try to allow any user to write their own code (event handlers
here) to be loaded and included automatically.

To enhance security, can I prevent the author from using specific
functions like eval, exec, File.* and so on?

If I can, is it then secure? My goal is to let the author only write
handler functions that return something, but he must not, for example,
modify the system classes, write files, do network access or anything like
that.

Thanks for suggestions!

Dominik
 
ts

D> To enhance security, can I prevent the author from using specific
D> functions like eval, exec, File.* and so on?

Look at $SAFE


Guy Decoux
 
zuzu

Dominik Werder said:

D> Hello!
D>
D> In my program I try to allow any user to write their own code (event handlers
D> here) to be loaded and included automatically.
D>
D> To enhance security, can I prevent the author from using specific
D> functions like eval, exec, File.* and so on?
D>
D> If I can, is it then secure? My goal is to let the author only write
D> handler functions that return something, but he must not, for example,
D> modify the system classes, write files, do network access or anything like
D> that.
D>
D> Thanks for suggestions!
D>
D> Dominik


check out the capability security model.
http://www.erights.org/elib/capability/index.html
http://www.skyhunter.com/marcs/capabilityIntro/index.html

'from objects to capabilities':
http://www.erights.org/elib/capability/ode/ode-capabilities.html

peace,
-z
 
klaus schilling

ts said:
D> To enhance security, can I prevent the author from using specific
D> functions like eval, exec, File.* and so on?

Look at $SAFE

Is that like Perl's Safe module, with configurable departments
for evaluation?

Klaus Schilling
 
David Ross

This is one area I would like to see improved. I think
there should be support to limit memory, processes,
threads, etc.

SAFE provides limited restrictions.

Klaus Schilling said:

k> Is that like Perl's Safe module, with configurable departments
k> for evaluation?
k>
k> Klaus Schilling
----------------------------------------
-- Name: David Ross
-- Phone: 865.539.3798
-- Email: drossruby [at] yahoo [dot] com
----------------------------------------

 
ts

D> This is one area I would like to see improved. I think
D> there should be support to limit memory, processes,
D> threads, etc.

These are OS things and must be done at OS level


Guy Decoux
 
ts

k> Is that like Perl's Safe module, with configurable departments
k> for evaluation?

I don't know Safe


Guy Decoux
 
David Ross

These are things that *could* be built-in features as
well. It would be nice to set limits without running
external commands.

ts said:

D> This is one area I would like to see improved. I think
D> there should be support to limit memory, processes,
D> threads, etc.

These are OS things and must be done at OS level


Guy Decoux

 
Dominik Werder

D> To enhance security, can I prevent the author from using specific
D> functions like eval, exec, File.* and so on?

Look at $SAFE

So I can load external code which can't modify anything else but
itself.

But how can I prevent the code from reading all files?
The docs say only "Can't load a file from a world-writable directory."

And how can I remove any function I do not want from the wrapping
environment while I myself am still able to use them?

Or is that already done by using anonymous modules? If yes, how? I couldn't
understand this :(

thanks!
Dominik
 
ts

D> Or is that already done by using anonymous modules? If yes, how? I couldn't
D> understand this :(

It really depends on what you want to do, which is why it's difficult to
give a general response. A stupid example:

svg% cat b.rb
#!/usr/bin/ruby
file = "#{ENV['HOME']}/c.rb"
begin
  # $SAFE is thread-local: raise it in a new thread so the main
  # program keeps its own level. Level 4 refuses system() etc.
  Thread.new do
    $SAFE = 4
    load(file, true)   # wrap=true: the file runs inside an anonymous module
  end.join
rescue
  p $!
end

# Same file loaded unrestricted, for comparison.
load(file)
svg%

svg% cat c.rb
#!/usr/bin/ruby
system("echo hello")
svg%

svg% b.rb
#<SecurityError: Insecure operation - system>
hello
svg%



Guy Decoux
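The `load(file, true)` call in the example above is the "anonymous module" Dominik asked about. The following added example (not code from this thread) shows concretely what that wrapping does and does not protect: it writes a constructed handler file to a temp path, loads it once wrapped and once plain, and reports whether the file's top-level `def` and constant leaked into the host's `Object` namespace. The `Handlers` registry module, the handler source and the `:double` handler name are all assumptions made for this example; the registry is the only object the host hands to the handler file, in the spirit of the capability links zuzu posted. Note that this is namespace isolation only: a wrapped file can still reach `::File` or `Kernel#system`, which is exactly the part Guy attributes to `$SAFE` and to the OS. `$SAFE` levels above 1 were removed in Ruby 2.1 and `$SAFE` itself became an ordinary global in Ruby 3.0, so on a current Ruby the file-access and process limits must come from the operating system (a separate process, user, container or rlimits), as Guy says.

```ruby
require 'tempfile'

# The single object the host hands to untrusted handler files: a registry.
# A handler file can only register blocks here; the host decides when to run
# them and with which event data. (Constructed for this example.)
module Handlers
  @table = {}

  def self.register(name, &block)
    @table[name.to_sym] = block
  end

  def self.run(name, event)
    @table.fetch(name.to_sym).call(event.freeze)
  end

  def self.reset!
    @table.clear
  end
end

# Constructed contents of a user-supplied handler file (assumed, not from the thread).
HANDLER_SRC = <<~'RUBY'
  # With load(file, true) this def and this constant land in an anonymous
  # module, not in Object, so the host never sees them.
  def helper(x)
    x * 2
  end
  GREETING = "hi from the handler file"

  # The only capability the host exposed: registering a handler block.
  Handlers.register(:double) { |event| helper(event[:value]) }
RUBY

# Write the constructed handler source to a temp file and return its path.
def write_handler_file
  file = Tempfile.create(['handler', '.rb'])
  file.write(HANDLER_SRC)
  file.close
  at_exit { File.delete(file.path) if File.exist?(file.path) }
  file.path
end

# Did anything from the handler file reach the host's Object namespace?
def leak_report
  {
    constant_leaked: Object.const_defined?(:GREETING),
    method_leaked:   Object.private_method_defined?(:helper)
  }
end

# load with wrap=true: the file's definitions stay in an anonymous module,
# but the registered handler still runs because its block closes over them.
def load_wrapped(path)
  Handlers.reset!
  load(path, true)
  leak_report.merge(result: Handlers.run(:double, value: 21))
end

# Plain load: top-level def and constant pollute Object. The cleanup at the
# end undoes that so the function can be called repeatedly.
def load_plain(path)
  Handlers.reset!
  load(path)
  report = leak_report.merge(result: Handlers.run(:double, value: 21))
  Object.send(:remove_const, :GREETING) if Object.const_defined?(:GREETING)
  Object.send(:remove_method, :helper) if Object.private_method_defined?(:helper)
  report
end

if __FILE__ == $0
  path = write_handler_file
  p load_wrapped(path)  # result 42, nothing leaked
  p load_plain(path)    # result 42, constant and method both leaked
end
```

Both loads return 42 from the handler, so wrapping costs the handler nothing; the difference is only that the host's `Object` stays clean under `wrap=true`. If the handler file instead did `::File.read("/etc/passwd")`, both variants would succeed, which is why the remaining restrictions belong at the process or OS level rather than in the Ruby namespace.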
 