On Sun, Dec 18, 2011 at 2:16 AM, Garthy D
<garthy_lmkltybr / entropicsoftware.com> wrote:
>
> Hi all,
>
> I am working on an embedded Ruby application that may support user-written
> Ruby plugins in the future, and I am trying to get a rough idea as to what
> is and isn't possible, as it will affect the design I go with. Basically, if
> you've worked on such a thing before, please share your experiences. :)

There's a number of folks using JRuby for this, most notably the
"Rails for Zombies" online course, which runs JRuby in a sandboxed
environment and allows students to run their code directly on the
server.

I am not a fan of $SAFE at all. I don't trust it, and I don't think
anyone else should either. The JVM's security model is far more
robust, and works well to secure a JRuby instance. There are many
examples of secure JVM-based services running major sites, such as all
of the apps deployed to Google AppEngine for Java. I know of no example of
anyone running $SAFE mode in Ruby in a real-world setting.

I'm also looking to make JRuby's integration with the JVM security
model more robust in JRuby 1.7. At the very least, I'd like to have
equivalent built-in modes similar to SAFE levels that use JVM security
policies to enforce restrictions. Beyond that, I would like a full
complement of JVM permissions for Ruby-specific features like
evaluating code, reopening classes, and so on. You'll be able to
choose a pre-packaged SAFE-like policy, or roll your own.

I'd love to see Ruby adopt a real security model. Until then, I'll
keep trying to make JRuby utilize the JVM's model better.

- Charlie
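The JVM permission model referred to above, as an added example that is neither JRuby's own code nor from this thread: a guest action runs inside an AccessControlContext whose single ProtectionDomain grants one permission, and the installed SecurityManager refuses everything outside it. The guest lambda is a stand-in for an embedded script; the class name and the chosen permission are assumptions.

```java
import java.io.File;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class RestrictedGuest {  // hypothetical class name

    // Build a context holding one protection domain with exactly the listed
    // permissions. Code run under it gets at most what that domain allows.
    static AccessControlContext restrictedContext() {
        Permissions perms = new Permissions();
        // Grant a single harmless property read and nothing else.
        perms.add(new PropertyPermission("java.version", "read"));
        ProtectionDomain guestDomain = new ProtectionDomain(
                new CodeSource(null, (Certificate[]) null), perms);
        return new AccessControlContext(new ProtectionDomain[] { guestDomain });
    }

    // Run the guest under the restricted context; report whether the
    // AccessController let it through or vetoed it.
    static boolean runGuest(PrivilegedAction<Void> guest) {
        try {
            AccessController.doPrivileged(guest, restrictedContext());
            return true;
        } catch (SecurityException denied) {
            System.out.println("denied: " + denied.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Permission checks only happen once a SecurityManager is installed.
        System.setSecurityManager(new SecurityManager());

        // Allowed: covered by the PropertyPermission granted to the guest domain.
        runGuest(() -> { System.getProperty("java.version"); return null; });

        // Denied: File.exists() triggers checkRead, and no FilePermission was granted.
        runGuest(() -> { new File("/etc/passwd").exists(); return null; });
    }
}
```

This matches the JVM of the thread's era; Java 17 deprecated the SecurityManager, Java 18 to 23 need `-Djava.security.manager=allow` for `setSecurityManager` to succeed, and Java 24 removed it entirely.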