Embedding ruby

Hi.

I am right now considering which Scripting Language to embed into my Server
application and ruby seems to be a very good choice. But I have a small
problem. I need to limit the functions which are allowed to be called from
the scripts. For example no system() calls and no IO calls, no sockets and
things like that. Is there already something possible with the standard ruby
or would I have to remove unwanted packages manually from the ruby
installation I would use with the application?

Thanks

Peter

check out http://www.rubycentral.com/book/taint.html

--
Posted via http://www.ruby-forum.com/.

Michael Greenly wrote:

> check out http://www.rubycentral.com/book/taint.html

Thanks a lot. This seems to be what I need.

But ..

I did a few tests and the results were not exactly what I expected.

I want to have the code I get in a parsed form and not in a string form,
so I need to 'compile' it into functions.

something along the lines:

eval "$SAFE=4;
class Foo
            def bar()
" << userCode << "
             end
end
";

This wasn't working, so I read around in the docu:
"Can't define, redefine, remove, or undef a method in a nontainted class or module."

so I figured this would work:
userCode ="a = 3 + 4;";
class Foo
end
Foo.taint;
eval "$SAFE=4;
class Foo
            def bar()
" << userCode << "
             end
end
";

but it wasn't either.
I got a:
test.rb:11: (eval):2: extending class prohibited (SecurityError)

So is the docu wrong, or am I just reading it wrong?

Thanks

Peter

> This wasn't working, so I read around in the docu:
> "Can't define, redefine, remove, or undef a method in a nontainted class
> or module."

moulon% cat b.rb
#!/usr/bin/ruby
module A
end
A.taint

$SAFE = 4

user_code = '1 + 1'

eval <<-EOT
   def A.a
      #{user_code}
   end
EOT
A.a
#
# it will give an error : unsecure write
#
p A.a
moulon%

moulon% ./b.rb
./b.rb:19:in `write': Insecure operation `write' at level 4 (SecurityError)
  from ./b.rb:19
moulon%

Guy Decoux
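
Added example, not part of the thread and not code from any of its posters: current Ruby releases no longer implement $SAFE levels or object tainting, so this example swaps in a different technique for the same goal of compiling user code into `Foo#bar` while limiting what it can call. It parses the user code with the standard library's Ripper and accepts it only if every syntax node is on an allow-list; the names `check_node`, `compile_user_method`, `ScriptRejected` and the allow-list contents are assumptions made for illustration, and the sample inputs are constructed.

```ruby
require 'ripper'

# Default-deny allow-list: any AST node or operator not named here is rejected.
CONTAINER_NODES = %i[program assign var_field var_ref paren void_stmt].freeze
ALLOWED_OPS     = %i[+ - * / %].freeze # ** omitted: cheap way to build huge numbers

class ScriptRejected < StandardError; end

# Walk the Ripper s-expression; raise on the first thing not on the allow-list.
def check_node(node)
  return if node.nil?
  raise ScriptRejected, "unexpected #{node.inspect}" unless node.is_a?(Array)
  # A statement list is an array of nodes with no leading type symbol.
  return node.each { |child| check_node(child) } unless node.first.is_a?(Symbol)

  case node.first
  when :@int, :@ident
    nil # leaf token such as [:@int, "3", [line, col]]
  when :binary # [:binary, left, operator, right]
    raise ScriptRejected, "operator #{node[2]} not allowed" unless ALLOWED_OPS.include?(node[2])
    check_node(node[1])
    check_node(node[3])
  when *CONTAINER_NODES
    node.drop(1).each { |child| check_node(child) }
  else
    raise ScriptRejected, "node #{node.first} not allowed"
  end
end

# Validate user_code on its own, then compile it into klass#name.
# name comes from the host application, never from the script author.
def compile_user_method(klass, name, user_code)
  tree = Ripper.sexp(user_code)
  raise ScriptRejected, 'syntax error' if tree.nil? # e.g. a fragment with a stray "end"
  check_node(tree)
  klass.class_eval("def #{name}\n#{user_code}\nend", '(user script)', 0)
  klass
end

class Foo; end # same class and method names as in the thread

compile_user_method(Foo, :bar, 'a = 3 + 4;') # constructed sample input
puts Foo.new.bar                              # arithmetic-only script is accepted
begin
  compile_user_method(Foo, :bar2, 'system("ls")')
rescue ScriptRejected => e
  puts "rejected: #{e.message}"
end
```

The allow-list limits what a script can call, not how much CPU or memory it uses; time and size limits have to be enforced separately.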