Sandboxing libraries

Hello!

In my program I try to allow any user to write their own code (an event
handler here) to be loaded and included automatically.

To enhance security, can I prevent the author from using specific
functions like eval, exec, File.* and so on?

If I can, is it then secure? My goal is to let the author only write
handler functions that return something, but he must not, for example,
modify the system classes, write files, do networking or anything like
that.

Thanks for suggestions!

Dominik

> To enhance security, can I prevent the author from using specific
> functions like eval, exec, File.* and so on?

Look at $SAFE

Guy Decoux

check out the capability security model.
http://www.erights.org/elib/capability/index.html
http://www.skyhunter.com/marcs/capabilityIntro/index.html

'from objects to capabilities':
http://www.erights.org/elib/capability/ode/ode-capabilities.html

peace,
-z

On Sun, 22 Aug 2004 21:05:48 +0900, Dominik Werder <dwerder@gmx.net> wrote:

ts writes:

>
> > To enhance security, can I prevent the author to use specific
> > functions like eval, exec, File.* and so on?
>
> Look at $SAFE

Is that like Perl's Safe module, with configurable departments
for evaluation?

Klaus Schilling

> To enhance security, can I prevent the author from using specific
> functions like eval, exec, File.* and so on?

Look at $SAFE

So I can load external code which can't modify anything else but
itself.

But how can I prevent the code from reading all files?
Docs say only "Can't load a file from a world-writable directory."

And how can I remove any function I do not want from the wrapping
environment while I for myself am still able to use them?

Or is this already done by using anonymous modules? If yes, how? I couldn't
understand this :(

thanks!
Dominik

This is one area I would like to see improved. I think
there should be support to limit memory, processes,
threads, etc.

SAFE provides limited restrictions.


----------------------------------------
-- Name: David Ross
-- Phone: 865.539.3798
-- Email: drossruby [at] yahoo [dot] com
----------------------------------------


> Is that like Perl's Safe module, with configurable departments
> for evaluation?

I don't know Safe

Guy Decoux

> Or is this already done by using anonymous modules? If yes, how? I couldn't
> understand this :(

It really depends on what you want to do; this is why it's difficult to
give a general response. A stupid example:

svg% cat b.rb
#!/usr/bin/ruby
file = "#{ENV['HOME']}/c.rb"
begin
   Thread.new do
      $SAFE = 4
      load(file, true)
   end.join
rescue
   p $!
end

load(file)
svg%

svg% cat c.rb
#!/usr/bin/ruby
system("echo hello")
svg%

svg% b.rb
#<SecurityError: Insecure operation - system>
hello
svg%

Guy Decoux

> This is one area I would like to see improved. I think
> there should be support to limit memory, processes,
> threads, etc.

These are OS things and must be done at OS level

Guy Decoux

These are things that *could* be built-in features as
well. It would be nice to set limits without running
external commands.
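Guy's load(file, true) example above depends on $SAFE, which Ruby 3.0 removed, and the follow-up places memory and process limits at the OS level. The following is an added example, not code from the thread, that combines the two: the handler is evaluated in an anonymous module, as with load(file, true), inside a forked child whose limits are set with Process.setrlimit. It assumes Linux or another POSIX system with fork, Ruby 3.0 or later, and a constructed handler source HANDLER_SRC.

```ruby
require 'json'

# Constructed sample: the kind of handler the thread wants to allow.
HANDLER_SRC = <<~RUBY
  def handle(event)
    event.fetch(:value, 0) * 2
  end
RUBY

# Evaluates `source` inside an anonymous module in a child process and
# calls its handle(event). Limits are enforced by the kernel, not by the
# interpreter: cpu_seconds of CPU (runaway loops), FSIZE 0 (no file can
# be written), and a wall-clock kill after wall_seconds. Returns
# ["ok", value] or ["error", message].
def run_sandboxed(source, event, cpu_seconds: 1, wall_seconds: 5)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    Process.setrlimit(:CPU, cpu_seconds)   # SIGXCPU/SIGKILL on overrun
    Process.setrlimit(:FSIZE, 0)           # any file write fails
    outcome = begin
      sandbox = Module.new                 # wrapper, as with load(f, true)
      sandbox.module_eval(source)
      [:ok, sandbox.instance_method(:handle).bind(Object.new).call(event)]
    rescue Exception => e                  # includes exit, NameError, ...
      [:error, "#{e.class}: #{e.message}"]
    end
    # JSON, not Marshal: the child is untrusted, and Marshal.load in the
    # parent would let it deserialize arbitrary objects there.
    writer.write(JSON.generate(outcome))
    writer.close
    exit!(0)                               # skip the parent's at_exit hooks
  end
  writer.close
  data = ""
  if IO.select([reader], nil, nil, wall_seconds)
    data = reader.read                     # EOF once the child exits or dies
  else
    Process.kill(:KILL, pid)               # e.g. a handler that sleeps forever
  end
  reader.close
  _, status = Process.wait2(pid)
  return JSON.parse(data) unless data.empty?
  ["error", "handler process ended without a result (#{status})"]
end
```

The anonymous module only keeps the handler's definitions out of the host's namespace; the child still sees File, IO and Kernel, so the process boundary and the rlimits are what actually confine it.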
