On Mon, Dec 28, 2009 at 9:58 AM, Jonathan Nielsen <jonathan / jmnet.us> wrote:
> Hi everyone,
>
> I'm working on a program where a lot of externally loaded scripts will
> be run. Although these scripts will all be written by trusted (or
> mostly trusted) sources, I want to implement some form of jail that is
> at least somewhat difficult to break out of to eval these scripts.
>

You may want to take a look at why_sandbox if you are on 1.8 MRI ruby.

> So far, I've tried this:
> --------------
> jail = Module.new
> def self.remove_const(...
> def self.pare..
> def self.const_missing (...
> (Module.constants.collect{|c|c.to_sym} - ScriptJailWhitelist).each{|const|
> jail.const_set(const,nil)
>

Not a bad start. When I tried to use a collection to contain malicious code in Try Ruby, I had my rear end handed to me. It was about as secure as allowing a printer to read and write to your password file. Also, it was slow.

There are a lot of dirty ways to execute system commands. $SAFE isn't used all that often anymore, but it may help in your case.

>
> Thank you for your time,
> -Jonathan Nielsen

Andrew McElroy
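The jail described in the quoted message can be checked from the inside. The following is an added example, not code from either poster: it rebuilds the constant-shadowing Module on current Ruby and reports which capabilities a script could still name. The whitelist contents and the names `build_jail`, `audit_jail`, `leaks` and `PROBES` are assumptions made for the illustration.

```ruby
# Added illustration for current Ruby; all names and the whitelist are assumptions.
SCRIPT_JAIL_WHITELIST = %i[String Array Hash Integer Math].freeze

# Rebuild the jail from the quoted post: a fresh Module in which every
# non-whitelisted top-level constant is shadowed by nil.
def build_jail(whitelist = SCRIPT_JAIL_WHITELIST)
  jail = Module.new
  (Module.constants - whitelist).each { |const| jail.const_set(const, nil) }
  jail
end

# Read-only probes: each only asks whether a capability can still be named
# from inside the jail; nothing is opened or executed.
PROBES = {
  bare_constant:     "File",                       # lexical lookup hits the nil shadow
  absolute_constant: "::File",                     # lookup starts at Object, skips the jail
  via_whitelisted:   "String.const_get(:File)",    # an allowed class leads back to Object
  kernel_system:     "respond_to?(:system, true)", # Kernel methods are not constants
  kernel_eval:       "respond_to?(:eval, true)"
}.freeze

# Evaluate every probe with the jail as lexical scope and self.
def audit_jail(jail)
  PROBES.each_with_object({}) do |(name, expr), report|
    report[name] =
      begin
        jail.module_eval(expr) ? :reachable : :blocked
      rescue NameError # also covers NoMethodError
        :blocked
      end
  end
end

# Names of the probes that got through.
def leaks(report)
  report.select { |_, status| status == :reachable }.keys
end

if __FILE__ == $PROGRAM_NAME
  audit_jail(build_jail).each { |name, status| puts format("%-18s %s", name, status) }
end
```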