I'm sorry if this has been answered before, but I'm looking for an
expert voice for this question.
I would need if Ruby have a safe mechanism of running unsafe code on a
sandbox environment. Image this situation:
I lunch a contest "solve this problem in Ruby". The users submit their
code, and my system runs the code on an sandbox, with memory and time
constraints, and verifies if the output meets the required result.
Basicly, I need a way to run Ruby code that reads from STDIN, writes to
STDOUT, and I need to be sure it doesn't run more than "x" seconds and
don't eat all my memory.
But AFAIK it does not prevent your CPU or memory going through the
roof or just taking ages. Depending on your platform you might be
able to do it using fork and having the parent kill the child if any
of your constraints (time, memory) are violated. But then you are
still not safe against system("/bin/rm", "-rf", "/"). That's where
$SAFE helps.
Kind regards
robert
···
2008/6/2 Ruben Fonseca <fonseka@gmail.com>:
I would need if Ruby have a safe mechanism of running unsafe code on a
sandbox environment. Image this situation:
I lunch a contest "solve this problem in Ruby". The users submit their
code, and my system runs the code on an sandbox, with memory and time
constraints, and verifies if the output meets the required result.
Basicly, I need a way to run Ruby code that reads from STDIN, writes to
STDOUT, and I need to be sure it doesn't run more than "x" seconds and
don't eat all my memory.
It this possible with the current VM (MRI 1.8)?
--
use.inject do |as, often| as.you_can - without end
I'd run the code within a virtualised environment. You'd be safe to rm -rf / as the "virtual server" is safely contained. vserver, xen, openvz, virtualbox, lguest... There's also the capability of changing ram, diskspace and loads of other stuff from outside of the virtual thang.
/dev/jayeola
···
On Tue, 3 Jun 2008 00:18:49 +0900 "Robert Klemme" <shortcutter@googlemail.com> wrote:
2008/6/2 Ruben Fonseca <fonseka@gmail.com>:
> I would need if Ruby have a safe mechanism of running unsafe code on a
> sandbox environment. Image this situation:
>
> I lunch a contest "solve this problem in Ruby". The users submit their
> code, and my system runs the code on an sandbox, with memory and time
> constraints, and verifies if the output meets the required result.
>
> Basicly, I need a way to run Ruby code that reads from STDIN, writes to
> STDOUT, and I need to be sure it doesn't run more than "x" seconds and
> don't eat all my memory.
>
> It this possible with the current VM (MRI 1.8)?
But AFAIK it does not prevent your CPU or memory going through the
roof or just taking ages. Depending on your platform you might be
able to do it using fork and having the parent kill the child if any
of your constraints (time, memory) are violated. But then you are
still not safe against system("/bin/rm", "-rf", "/"). That's where
$SAFE helps.