hi there,

i just happened across this at rubyforge.  it seems like it might have 
some ideas that you might find interesting.  or maybe not...

http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html

have fun,
mattD

aurelianito wrote:

>Hello!
>It's me (Aureliano) again.
>
>I'm trying to implement something similar to the Java Security Manager
>for Ruby. The project is currently in prealpha stage at rubyforge
>(http://securedruby.rubyforge.org).
>
>But Ruby is different from Java because it's much more dynamic. And I
>like it because of it! But it brings some issues regarding code
>redefinition. What I'm trying to achieve is a way to run untrusted code
>in the ruby interpreter and not worry about possible damages to the
>system. "Will this code erase all my home directory?" (or "format my
>harddrive?", if I'm root) is a valid concern. Of course, in Ruby you
>can always check the source code just looking at it. But, what if you
>have a >100000 lines script that does something interesting but you
>don't trust because your archnemesis wrote it? What if you want to
>use "eval" to run user input code?
>
>I think I'm able to stop direct file accesses but, because of the
>dynamicity (does such a word exist?) of ruby, malign code (malign as the
>Austin Powers archnemesis, Dr. Evil) might redefine methods to trick
>our good and helpless code to do something evil for the human kind (ok,
>I'm exaggerating a little bit here). For instance, imagine this:
>
>evil.rb:
>class Object
>  def chomp a
>     # it's really evil.
>     "a name of a file that if it's erased the world will be destroyed"
>  end
>end
>
>good_and_dumb.rb:
>require "fileutils"
>require "evil" # did I tell you the dumb part?
>FileUtils.rm(chomp "erase_to_save_the_world.doc")
>
>Well, the world is doomed. But if we were able to stop evil from redefining
>chomp, this wouldn't happen. That's why I need a way to selectively
>stop method definition/redefinition/removal.
>
>But I'm unable to find a way to implement it in a pure ruby way. Do you
>know any? All the good and dumb ruby code in the world will thank you.
>
>Please post back,
>thank you very much,
>Aureliano.
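
One pure-Ruby approach to the selective definition/redefinition/removal guard asked about in the quoted message, as an added example that is not part of either message and is not SecuredRuby's code. It uses Ruby's `method_added`, `method_removed` and `method_undefined` hooks to reinstall a saved implementation; `SealedMethods`, `PathCleaner` and the sample values are hypothetical names constructed for the illustration.

```ruby
# Added example. SealedMethods and PathCleaner are hypothetical names.
module SealedMethods
  Violation = Struct.new(:klass, :method_name, :action)

  # Audit log of what untrusted code tried to change.
  def self.violations
    @violations ||= []
  end

  # Seal the named instance methods of klass: a later redefinition or
  # removal is undone by reinstalling the implementation saved here.
  def self.seal(klass, *names)
    saved = names.map { |n| [n, klass.instance_method(n)] }.to_h
    restoring = false
    restore = lambda do |name, action|
      next unless saved.key?(name) && !restoring
      violations << Violation.new(klass, name, action)
      restoring = true # define_method below fires method_added again
      klass.send(:define_method, name, saved[name])
      restoring = false
    end
    { method_added: :redefined, method_removed: :removed,
      method_undefined: :undefined }.each do |hook, action|
      klass.define_singleton_method(hook) { |n| restore.call(n, action) }
    end
    # Freeze the singleton class so the hooks themselves cannot be replaced.
    klass.singleton_class.freeze
    klass
  end
end

# Constructed stand-in for trusted code whose result feeds a file operation.
class PathCleaner
  def clean(path)
    path.chomp
  end
end
SealedMethods.seal(PathCleaner, :clean)

# Constructed stand-in for untrusted code reopening the class.
def run_untrusted_patch
  PathCleaner.class_eval('def clean(_path); "some_other_file.doc"; end')
  PathCleaner.new.clean("erase_to_save_the_world.doc\n")
end
```

This covers `def`, `define_method`, `remove_method` and `undef_method` on the sealed class only. `prepend` on the class can still shadow a sealed method unless the class itself is frozen, which blocks every later change to it.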