Hello!
In my program I try to allow any user to write own code (event handler
here) to be loaded and included automatically.
To enhance security, can I prevent the author to use specific
functions like eval, exec, File.* and so on?
If I can, is it then secure? My goal is to let the author only write
handler functions that return something but he must not for example
modify the system classes, write files, do network and something like
that..
Thanks for suggestions!
Dominik
To enhance security, can I prevent the author to use specific
functions like eval, exec, File.* and so on?
Look at $SAFE
Guy Decoux
check out the capability security model.
http://www.skyhunter.com/marcs/capabilityIntro/index.html
'from objects to capabilities':
peace,
-z
On Sun, 22 Aug 2004 21:05:48 +0900, Dominik Werder <dwerder@gmx.net> wrote:
Hello!
In my program I try to allow any user to write own code (event handler
here) to be loaded and included automatically.To enhance security, can I prevent the author to use specific
functions like eval, exec, File.* and so on?If I can, is it then secure? My goal is to let the author only write
handler functions that return something but he must not for example
modify the system classes, write files, do network and something like
that..Thanks for suggestions!
Dominik
ts writes:
>
> > To enhance security, can I prevent the author to use specific
> > functions like eval, exec, File.* and so on?
>
> Look at $SAFE
is that like perl's Safe module, with configurable departments
for evaluation ?
Klaus Schilling
> To enhance security, can I prevent the author to use specific
> functions like eval, exec, File.* and so on?Look at $SAFE
So I can load external code which can't modify anything else but
itself.
But how can I prevent the code from reading all files?
Docs say only "Can't load a file from a world-writable directory."
And how can I remove any function I do not want from the wrapping
environment while I for myself am still able to use them?
Or is already done by using anonymous modules? If yes, how? I couldn't
understand this 
thanks!
Dominik
This is one area I would like to see improve. I think
there should be support to limit memory, processes,
threads, etc.
SAFE provides limited restrictions.
--- klaus schilling <510046470588-0001@t-online.de>
wrote:
ts writes:
> >>>>> "D" == Dominik Werder <dwerder@gmx.net>
writes:
>
> > To enhance security, can I prevent the author
to use specific
> > functions like eval, exec, File.* and so on?
>
> Look at $SAFEis that like perl's Safe module, with configurable
departments
for evaluation ?Klaus Schilling
----------------------------------------
-- Name: David Ross
-- Phone: 865.539.3798
-- Email: drossruby [at] yahoo [dot] com
----------------------------------------
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
is that like perl's Safe module, with configurable departments
for evaluation ?
I don't know Safe
Guy Decoux
Or is already done by using anonymous modules? If yes, how? I couldn't
understand this
It's really depend on what you want to do, this is why it's difficult to
give a general response. A stupid example :
svg% cat b.rb
#!/usr/bin/ruby
file = "#{ENV['HOME']}/c.rb"
begin
Thread.new do
$SAFE = 4
load(file, true)
end.join
rescue
p $!
end
load(file)
svg%
svg% cat c.rb
#!/usr/bin/ruby
system("echo hello")
svg%
svg% b.rb
#<SecurityError: Insecure operation - system>
hello
svg%
Guy Decoux
This is one area I would like to see improve. I think
there should be support to limit memory, processes,
threads, etc.
These are OS things and must be done at OS level
Guy Decoux
These are things that *could* be built in features as
well. It would be nice to set limits without running
expternal commands.
--- ts <decoux@moulon.inra.fr> wrote:
>>>>> "D" == David Ross <drossruby@yahoo.com>
writes:> This is one area I would like to see improve. I
think
> there should be support to limit memory,
processes,
> threads, etc.These are OS things and must be done at OS level
Guy Decoux
----------------------------------------
-- Name: David Ross
-- Phone: 865.539.3798
-- Email: drossruby [at] yahoo [dot] com
----------------------------------------
_______________________________
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.com/goldrush