Sandboxing libraries

Discussion in 'Ruby' started by Dominik Werder, Aug 22, 2004.

  1. Hello!

    In my program I try to allow any user to write their own code (event
    handlers, here) to be loaded and included automatically.

    To enhance security, can I prevent the author from using specific
    functions like eval, exec, File.* and so on?

    If I can, is it then secure? My goal is to let the author only write
    handler functions that return something, but he must not, for example,
    modify the system classes, write files, do networking and things like
    that.

    Thanks for suggestions!

    Dominik
     
    Dominik Werder, Aug 22, 2004
    #1

  2. ts Guest

    >>>>> "D" == Dominik Werder <> writes:

    D> To enhance security, can I prevent the author to use specific
    D> functions like eval, exec, File.* and so on?

    Look at $SAFE


    Guy Decoux
     
    ts, Aug 22, 2004
    #2

  3. zuzu Guest

    On Sun, 22 Aug 2004 21:05:48 +0900, Dominik Werder <> wrote:
    > Hello!
    >
    > In my program I try to allow any user to write own code (event handler
    > here) to be loaded and included automatically.
    >
    > To enhance security, can I prevent the author to use specific
    > functions like eval, exec, File.* and so on?
    >
    > If I can, is it then secure? My goal is to let the author only write
    > handler functions that return something but he must not for example
    > modify the system classes, write files, do network and something like
    > that..
    >
    > Thanks for suggestions!
    >
    > Dominik



    check out the capability security model.
    http://www.erights.org/elib/capability/index.html
    http://www.skyhunter.com/marcs/capabilityIntro/index.html

    'from objects to capabilities':
    http://www.erights.org/elib/capability/ode/ode-capabilities.html

    peace,
    -z
     
    zuzu, Aug 22, 2004
    #3
  4. ts writes:
    > >>>>> "D" == Dominik Werder <> writes:

    >
    > D> To enhance security, can I prevent the author to use specific
    > D> functions like eval, exec, File.* and so on?
    >
    > Look at $SAFE


    is that like perl's Safe module, with configurable departments
    for evaluation?

    Klaus Schilling
     
    klaus schilling, Aug 24, 2004
    #4
  5. David Ross Guest

    This is one area I would like to see improved. I think
    there should be support to limit memory, processes,
    threads, etc.

    SAFE provides limited restrictions.



    --- klaus schilling <> wrote:

    > ts writes:
    > > >>>>> "D" == Dominik Werder <> writes:
    > >
    > > D> To enhance security, can I prevent the author to use specific
    > > D> functions like eval, exec, File.* and so on?
    > >
    > > Look at $SAFE
    >
    > is that like perl's Safe module, with configurable departments
    > for evaluation ?
    >
    > Klaus Schilling

     
    David Ross, Aug 24, 2004
    #5
  6. ts Guest

    >>>>> "D" == David Ross <> writes:

    D> This is one area I would like to see improve. I think
    D> there should be support to limit memory, processes,
    D> threads, etc.

    These are OS things and must be done at OS level


    Guy Decoux
     
    ts, Aug 24, 2004
    #6
  7. ts Guest

    >>>>> "k" == klaus schilling <> writes:

    k> is that like perl's Safe module, with configurable departments
    k> for evaluation ?

    I don't know Safe


    Guy Decoux
     
    ts, Aug 24, 2004
    #7
  8. David Ross Guest

    These are things that *could* be built-in features as
    well. It would be nice to set limits without running
    external commands.

    --- ts <> wrote:

    > >>>>> "D" == David Ross <> writes:
    >
    > D> This is one area I would like to see improve. I think
    > D> there should be support to limit memory, processes,
    > D> threads, etc.
    >
    > These are OS things and must be done at OS level
    >
    > Guy Decoux


     
    David Ross, Aug 24, 2004
    #8
  9. > D> To enhance security, can I prevent the author to use specific
    > D> functions like eval, exec, File.* and so on?
    >
    > Look at $SAFE


    So I can load external code which can't modify anything else but
    itself.

    But how can I prevent the code from reading all files?
    Docs say only "Can't load a file from a world-writable directory."

    And how can I remove any function I do not want from the wrapping
    environment while I for myself am still able to use them?

    Or is that already done by using anonymous modules? If yes, how? I
    couldn't understand this :(

    thanks!
    Dominik
     
    Dominik Werder, Aug 25, 2004
    #9
  10. ts Guest

    >>>>> "D" == Dominik Werder <> writes:

    D> Or is already done by using anonymous modules? If yes, how? I couldn't
    D> understand this :(

    It really depends on what you want to do; this is why it's difficult to
    give a general response. A stupid example:

    svg% cat b.rb
    #!/usr/bin/ruby
    file = "#{ENV['HOME']}/c.rb"
    begin
      Thread.new do
        $SAFE = 4
        load(file, true)
      end.join
    rescue
      p $!
    end

    load(file)
    svg%

    svg% cat c.rb
    #!/usr/bin/ruby
    system("echo hello")
    svg%

    svg% b.rb
    #<SecurityError: Insecure operation - system>
    hello
    svg%



    Guy Decoux
     
    ts, Aug 26, 2004
    #10
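An added example, not from the thread, showing the OS-level approach Guy Decoux points to in post #6 for a Ruby where $SAFE = 4 no longer exists (levels above 3 were removed in Ruby 2.1 and $SAFE itself in Ruby 3.0): the handler file is loaded with load(path, true), as in his b.rb, but inside a forked child that has Process.setrlimit CPU and address-space limits and a wall-clock deadline, and whose stdout is captured through a pipe. The write_handler/run_handler names and the "print your result" handler protocol are assumptions of this example.

```ruby
require 'tempfile'

# Write constructed handler code to a temp file (stands in for a user's event-handler file).
def write_handler(code)
  f = Tempfile.create(['handler', '.rb'])
  f.write(code)
  f.close
  f.path
end

# Run one handler file in a forked child under OS resource limits and a wall-clock
# deadline. Whatever the handler writes to stdout is returned through a pipe.
# Returns [status, output] with status :ok, :killed (limit hit / crashed) or :timeout.
def run_handler(path, cpu_seconds: 1, mem_bytes: 1024 * 1024 * 1024, wall_seconds: 3)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    $stdout.reopen(writer)                 # fd 1 -> pipe, so system("echo ...") is caught too
    Process.setrlimit(:CPU, cpu_seconds)   # kernel stops the child after this much CPU time
    Process.setrlimit(:AS, mem_bytes)      # cap the child's address space
    begin
      load(path, true)   # wrap=true: the file's top-level definitions go into an anonymous module
    rescue Exception => e
      $stderr.puts "handler failed: #{e.class}: #{e.message}"
      exit!(1)
    end
    $stdout.flush
    exit!(0)             # exit! skips the parent's at_exit handlers
  end
  writer.close
  output = +""
  status = :ok
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + wall_seconds
  loop do
    remaining = deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
    if remaining <= 0 || IO.select([reader], nil, nil, remaining).nil?
      Process.kill(:KILL, pid)             # wall-clock deadline hit (e.g. a sleeping handler)
      status = :timeout
      break
    end
    chunk = reader.read_nonblock(4096, exception: false)
    break if chunk.nil?                    # EOF: the child closed its end of the pipe
    output << chunk unless chunk == :wait_readable
  end
  reader.close
  _, st = Process.wait2(pid)
  status = :killed if status == :ok && !st.success?
  [status, output]
end
```

Resource limits bound how much the handler can consume, not what it may do: the child can still read files and open sockets, so run it as a separate unprivileged user or in a container for the isolation $SAFE was meant to approximate.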
