On Mon, Dec 28, 2009 at 9:58 AM, Jonathan Nielsen <jonathan / jmnet.us> wrote:
> Hi everyone,
>
> I'm working on a program where a lot of externally loaded scripts will
> be run. Although the scripts will all be written by trusted (or
> mostly trusted) sources, I want to implement some form of jail that is
> at least somewhat difficult to break out of to eval these scripts.
>
You may want to take a look at why_sandbox if you are on 1.8 MRI ruby.


> So far, I've tried this:
> --------------
>     jail = Module.new {
>       def self.remove_const (...)
>       def self.parent (...)
>       def self.const_missing (...)
>     }
>     (Module.constants.collect{|c|c.to_sym} - ScriptJailWhitelist).each { |const|
>       jail.const_set(const,nil)
>     }

Not a bad start.

When I tried to use a collection to contain malicious code in Try
Ruby, I had my rear end handed to me.
It was about as secure as allowing a printer to read and write to your
password file.

Also, it was slow. There are a lot of dirty ways to execute system commands.

$SAFE isn't used all that often anymore, but it may help in your case.

>
> Thank you for your time,
> -Jonathan Nielsen

Andrew McElroy
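The constant-shadowing jail sketched in the quoted post, carried through as an added example (not code from either poster); the whitelist contents and the names `ScriptJailWhitelist`, `build_jail`, `run_in_jail` and `shadowed?` are assumptions made here.

```ruby
# Added example: a constant-shadowing jail along the lines of the quoted
# sketch. The whitelist contents and the names ScriptJailWhitelist,
# build_jail, run_in_jail and shadowed? are assumptions made here.

# Constants a script may reach by bare name. Every other top-level constant
# is shadowed with nil inside the jail, as in the quoted sketch.
ScriptJailWhitelist = %i[
  Object Kernel Comparable Enumerable Math
  Integer Float String Symbol Array Hash Range Regexp
  NilClass TrueClass FalseClass StandardError NameError
].freeze

def build_jail
  jail = Module.new do
    # A script must not be able to drop one of the shadowing constants.
    def self.remove_const(name)
      raise NameError, "remove_const(#{name}) is not permitted in the jail"
    end

    # A name that is neither whitelisted nor shadowed is an error, not a
    # silent fall-through to whatever happens to exist at the top level.
    def self.const_missing(name)
      raise NameError, "constant #{name} is not available in the jail"
    end
  end
  (Object.constants - ScriptJailWhitelist).each { |c| jail.const_set(c, nil) }
  jail
end

# True when NAME resolves to a nil shadow inside JAIL rather than to the
# real top-level constant.
def shadowed?(jail, name)
  jail.const_defined?(name, false) && jail.const_get(name, false).nil?
end

# Evaluate SOURCE with the jail as its lexical scope, so bare constant
# references are looked up through the jail first. Returns the script's
# value. This only covers constant lookup: methods a script inherits from
# Kernel (system, backticks) are untouched, which is the gap the reply
# above warns about.
def run_in_jail(source, jail = build_jail)
  jail.module_eval(source, "(jailed script)", 1)
end
```

A whitelisted constant such as `Math` still resolves normally, a shadowed one such as `File` evaluates to `nil`, and an unknown name raises `NameError` from the jail's own `const_missing`.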