On Tue, 3 Jun 2008 00:18:49 +0900
"Robert Klemme" <shortcutter / googlemail.com> wrote:

> 2008/6/2 Ruben Fonseca <fonseka / gmail.com>:
> > I would need to know if Ruby has a safe mechanism for running unsafe code in a
> > sandbox environment. Imagine this situation:
> >
> > I launch a contest "solve this problem in Ruby". The users submit their
> > code, and my system runs the code in a sandbox, with memory and time
> > constraints, and verifies if the output meets the required result.
> >
> > Basically, I need a way to run Ruby code that reads from STDIN, writes to
> > STDOUT, and I need to be sure it doesn't run more than "x" seconds and
> > doesn't eat all my memory.
> >
> > Is this possible with the current VM (MRI 1.8)?
> 
> There is at least $SAFE:
> http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html#S1
> 
> But AFAIK it does not prevent your CPU or memory going through the
> roof or just taking ages.  Depending on your platform you might be
> able to do it using fork and having the parent kill the child if any
> of your constraints (time, memory) are violated.  But then you are
> still not safe against system("/bin/rm", "-rf", "/").  That's where
> $SAFE helps.
> 
> Kind regards
> 
> robert
> 

I'd run the code within a virtualised environment. You'd be safe to rm -rf / as the "virtual server" is safely contained. vserver, xen, openvz, virtualbox, lguest... There's also the capability of changing ram, diskspace and loads of other stuff from outside of the virtual thang.

/dev/jayeola
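
The fork-and-kill approach described in the quoted reply, as an added example that is not part of either post: the parent forks a child interpreter, caps its CPU time and address space with rlimits, bounds the output it will read, and kills the child when a wall-clock deadline passes. It covers only the time and memory constraints, not filesystem or process isolation, which the thread addresses with $SAFE and virtualisation. The names `cap` and `run_limited` and all default limits are assumptions chosen for illustration, and it assumes a POSIX system where `fork` and `setrlimit` are available.

```ruby
require 'rbconfig'

# Lower a limit for this process, never above the hard limit it already has.
def cap(resource, limit)
  _soft, hard = Process.getrlimit(resource)
  limit = [limit, hard].min
  Process.setrlimit(resource, limit, limit)
end

# Run Ruby `source` in a child interpreter with `input` on STDIN.
# Returns [status, stdout]; status is :ok, :failed, :killed or :timeout.
def run_limited(source, input, wall: 2, cpu: 1, mem: 1 << 30, max_out: 64 * 1024)
  in_r, in_w = IO.pipe
  out_r, out_w = IO.pipe
  pid = fork do
    in_w.close
    out_r.close
    STDIN.reopen(in_r)
    STDOUT.reopen(out_w)
    STDERR.reopen(File::NULL, 'w')
    cap(Process::RLIMIT_CPU, cpu) # CPU seconds; the kernel signals the child
    cap(Process::RLIMIT_AS, mem)  # address space; larger allocations fail
    exec(RbConfig.ruby, '-e', source)
  end
  in_r.close
  out_w.close
  Thread.new do
    in_w.write(input)
  rescue SystemCallError, IOError
    nil # child exited without reading all of its input
  ensure
    in_w.close
  end
  reader = Thread.new { out_r.read(max_out).to_s } # bounded read protects the parent
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + wall
  until (res = Process.wait2(pid, Process::WNOHANG))
    if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline
      Process.kill('KILL', pid) # wall-clock limit: the parent kills the child
      Process.wait(pid)
      return [:timeout, reader.value]
    end
    sleep 0.01
  end
  st = res[1]
  [st.signaled? ? :killed : (st.success? ? :ok : :failed), reader.value]
ensure
  out_r.close if out_r && !out_r.closed?
end
```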