Hi Charlie,

Thank you for the additional information. :) As mentioned there would be a big cost to moving across to JRuby at this point- but I now have a much better starting point if I undertook such a move. Thanks for that. :)

I wasn't familiar with FFI, but I'm quite familiar with the problem they are trying to solve. Very interesting stuff. :)

There are certainly other benefits to moving to a JVM-based approach as well- as well as associated disadvantages. I'll also assume that it's pretty much a given that I could have Java-based plugins as well if I went this way- and this could very well be a big plus.

I've certainly got some things to think about now. :)

Garth

On 19/12/11 13:35, Charles Oliver Nutter wrote:
> JRuby does support FFI, for calling C libraries, so one approach to
> using your existing code would be to write a thin C wrapper and bind
> it with FFI.
>
> An alternative would be to write a thin JNI (Java Native Interface)
> wrapper and use that from JRuby just like any Java API. The level of
> effort would be similar to writing a Ruby C ext.
>
> In any case, keep me posted. If you decide to go with JRuby, perhaps
> we can collaborate on coming up with appropriate permissions and
> security policies.
>
> - Charlie
>
> On Sun, Dec 18, 2011 at 8:48 PM, Garthy D
> <garthy_lmkltybr / entropicsoftware.com> wrote:
>>
>> Hi Charlie,
>>
>> I have no real experience with JRuby, although at a glance it might be a
>> closer fit with respect to securing running plugins. I might be stuck in
>> this regard though as a good chunk of the app is already written, and
>> C++-based. The cost of moving across might prove to be too high in my
>> particular case, but at the very least it gives me something to explore and
>> think about. Thank you for sharing- this is probably not an area I would have
>> thought to investigate on my own. :)
>>
>> Garth
>>
>>
>> On 19/12/11 12:16, Charles Oliver Nutter wrote:
>>>
>>> On Sun, Dec 18, 2011 at 2:16 AM, Garthy D
>>> <garthy_lmkltybr / entropicsoftware.com> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I am working on an embedded Ruby application that may support
>>>> user-written Ruby plugins in the future, and I am trying to get a
>>>> rough idea as to what is and isn't possible, as it will affect the
>>>> design I go with. Basically, if you've worked on such a thing before,
>>>> please share your experiences. :)
>>>
>>> There's a number of folks using JRuby for this, most notably the
>>> "Rails for Zombies" online course, which runs JRuby in a sandboxed
>>> environment and allows students to run their code directly on the
>>> server.
>>>
>>> I am not a fan of $SAFE at all. I don't trust it, and I don't think
>>> anyone else should either. The JVM's security model is far more
>>> robust, and works well to secure a JRuby instance. There are many
>>> examples of secure JVM-based services running major sites, such as all
>>> of the apps deployed to Google AppEngine for Java. I know of no example of
>>> anyone running $SAFE mode in Ruby in a real-world setting.
>>>
>>> I'm also looking to make JRuby's integration with the JVM security
>>> model more robust in JRuby 1.7. At the very least, I'd like to have
>>> equivalent built-in modes similar to SAFE levels that use JVM security
>>> policies to enforce restrictions. Beyond that, I would like a full
>>> complement of JVM permissions for Ruby-specific features like
>>> evaluating code, reopening classes, and so on. You'll be able to
>>> choose a pre-packaged SAFE-like policy, or roll your own.
>>>
>>> I'd love to see Ruby adopt a real security model. Until then, I'll
>>> keep trying to make JRuby utilize the JVM's model better.
>>>
>>> - Charlie