On Tue, 3 Jun 2008 00:18:49 +0900 "Robert Klemme" <shortcutter / googlemail.com> wrote: > 2008/6/2 Ruben Fonseca <fonseka / gmail.com>: > > I would need if Ruby have a safe mechanism of running unsafe code on a > > sandbox environment. Image this situation: > > > > I lunch a contest "solve this problem in Ruby". The users submit their > > code, and my system runs the code on an sandbox, with memory and time > > constraints, and verifies if the output meets the required result. > > > > Basicly, I need a way to run Ruby code that reads from STDIN, writes to > > STDOUT, and I need to be sure it doesn't run more than "x" seconds and > > don't eat all my memory. > > > > It this possible with the current VM (MRI 1.8)? > > There is at least $SAFE: > http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html#S1 > > But AFAIK it does not prevent your CPU or memory going through the > roof or just taking ages. Depending on your platform you might be > able to do it using fork and having the parent kill the child if any > of your constraints (time, memory) are violated. But then you are > still not safe against system("/bin/rm", "-rf", "/"). That's where > $SAFE helps. > > Kind regards > > robert > I'd run the code within a virtualised environment. You'd be safe to rm -rf / as the "virtual server" is safely contained. vserver, xen, openvz, virtualbox, lguest... There's also the capability of changing ram, diskspace and loads of other stuff from outside of the virtual thang. /dev/jayeola