Safe Ruby Environment

Maybe take inspiration from TCL's interp command
(http://www.tcl.tk/man/tcl8.2.3/TclCmd/interp.htm), though that's a much
heavier-weight solution?

Al

-----Original Message-----
From: Michael Neumann [mailto:mneumann@ntecs.de]
Sent: Tuesday, July 20, 2004 2:04 PM
To: ruby-talk ML
Subject: Safe Ruby Environment

Hi,

Okay, there are the different $SAFE levels. But why not simply remove
dangerous methods, like:

   undef `
   undef system
   undef require
   ...

or replacing them by your own?

I guess this is as secure as any $SAFE level (of course it depends on
which methods you are removing). Or am I missing something? The problem
is that this way you can't run other "good" code next to your "bad" code
(as it is possible with $SAFE).

It would be very nice to execute some Ruby code in such a reduced
environment without affecting the other "good" code:

   env = Environment.new
   env.remove_method :system
   env.remove_constant :ENV
   env.remove_global "$0"
   ...
   env.eval dangerous_code

   # or
   env = Environment.fresh
   env.add_method :system
   env.add_constant :ENV, ENV
   ...

BTW, is this possible to implement in Ruby or a C extension? I guess
not. Or would it work with two (or multiple) anonymous modules, one for
the good code, one for the bad code, and then by removing all
methods/constants/global variables outside those two modules?

Regards,

   Michael
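
The reduced-environment idea from the message above, as an added example that is not part of the thread: the `undef` calls run in a forked child so the parent's "good" code keeps its methods, and the child reports which other Kernel process starters the three-name list left callable. `eval_reduced`, `DENY` and `SPAWNERS` are hypothetical names; the fork confines the method removal only and is not itself a sandbox.

```ruby
# Added example; eval_reduced, DENY and SPAWNERS are hypothetical names.
DENY     = [:"`", :system, :require].freeze              # methods named in the post
SPAWNERS = [:"`", :system, :exec, :spawn, :fork].freeze  # Kernel process starters

# Evaluate `code` in a forked child whose Kernel has lost the DENY methods.
# Only the child is changed; the result comes back as plain text on a pipe.
def eval_reduced(code)
  rd, wr = IO.pipe
  pid = fork do
    rd.close
    DENY.each do |m|
      Kernel.singleton_class.send(:undef_method, m)  # Kernel.system(...) form
      Kernel.send(:undef_method, m)                  # private instance method
    end
    # Denylist audit: which process starters can a plain object still call?
    left = SPAWNERS.select { |m| Object.new.respond_to?(m, true) }
    status, value =
      begin
        [:ok, eval(code, TOPLEVEL_BINDING).inspect]
      rescue Exception => e   # includes NoMethodError from an undef'd call
        [:error, e.class.name]
      end
    wr.write([status, left.join(","), value].join("\n"))
    wr.close
    exit!(0)                  # skip at_exit handlers inherited from the parent
  end
  wr.close
  status, left, value = rd.read.split("\n", 3)
  rd.close
  Process.wait(pid)
  { status: status.to_sym, value: value,
    still_callable: left.split(",").map(&:to_sym) }
end

if $PROGRAM_NAME == __FILE__
  p eval_reduced("1 + 2")            # evaluated normally in the child
  p eval_reduced("system('true')")   # the undef'd call fails in the child
  p respond_to?(:system, true)       # parent still has Kernel#system
end
```

The `still_callable` list is the practical check on the "it depends on which methods you are removing" caveat: anything it returns is a process starter the denylist did not cover.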