Secure Ruby

[Brett S Hallett]

I have developed a technique for executing Ruby programs in a secure manner,
that is the RUBY Source code is encypted and a small driver program decrypts
for execution.

I would like to see if this 'system' is actually secure and would like
interested Ruby users to download a small (65k)
test program to see if they can break into the source code.

http://users.impulse.net.au/dragoncity

Ps: the encrypted Ruby program needs FXRuby installed, but that should
not inhibit code-crackers

Thank you

 

[Florian Frank]

Attached source code.

As simple as:
$ cat > ruby
#! /bin/sh
cat $@ > decrypted.rb
^D
$ chmod +x ruby
$ export PATH=".:$PATH"
$ rubyrun addflds.rbx

Even using a full path to ruby isn't a fix, because it's easy to
steal the source code if you use strace -s 2000 ...
Another possibility is to set a breakpoint in gdb and stop the program
after it has decrypted the source and written it into the temp file.

If one trys to modify the ruby interpreter itself instead, to decrypt
files before executing them, this would also be a possible attack: one
could easily stop the program and inspect the allocated memory to
find the orignial source code.