On Mon, Dec 28, 2009 at 9:58 AM, Jonathan Nielsen <jonathan / jmnet.us> wrote:
> Hi everyone,
>
> I'm working on a program where a lot of externally loaded scripts will
> be run.     > mostly trusted) sources, I want to implement some form of jail that is
> at least somewhat difficult to break out of to eval these scripts.
>
You may want to take a look at why_sandbox if you are on 1.8 MRI ruby.


> So far, I've tried this:
> --------------
>   >   󨮮>  >    >  
> Module.constants.collect{|c|c.to_sym} - ScriptJailWhitelist).eachconst|
>  
>  

Not a bad start.

When I tried to use a collection to contain malicious code in Try
Ruby, I had my rear end handed to me.
It was about as secure as allowing a printer read and write to your
password file.

Also, it was slow. There are a lot of dirty ways to execute system commands.

$SAFE isn't used all that often anymore, but it may help in your case.

>
> Thank you for your time,
> -Jonathan Nielsen

Andrew McElroy
>
>