Secure Ruby

I have developed a technique for executing Ruby programs in a secure manner;
that is, the Ruby source code is encrypted and a small driver program decrypts
it for execution.

I would like to see if this ‘system’ is actually secure and would like
interested Ruby users to download a small (65k)
test program to see if they can break into the source code.

http://users.impulse.net.au/dragoncity

PS: the encrypted Ruby program needs FXRuby installed, but that should
not inhibit code-crackers :)

Thank you

Brett S Hallett wrote:

I would like to see if this ‘system’ is actually secure

Attached source code.

As simple as:
$ cat > ruby
#! /bin/sh
cat $@ > decrypted.rb
^D
$ chmod +x ruby
$ export PATH=".:$PATH"
$ rubyrun addflds.rbx
$

Sorry to burst your bubble.

Clifford Heath.

decrypted.rb (1.76 KB)

Even using a full path to ruby isn’t a fix, because it’s easy to
steal the source code if you use strace -s 2000 …
Another possibility is to set a breakpoint in gdb and stop the program
after it has decrypted the source and written it into the temp file.

If one tries to modify the ruby interpreter itself instead, to decrypt
files before executing them, this would also be a possible attack: one
could easily stop the program and inspect the allocated memory to
find the original source code.


On Tue, 2003-12-16 at 07:53, Clifford Heath wrote:

Attached source code.

As simple as:
$ cat > ruby
#! /bin/sh
cat $@ > decrypted.rb
^D
$ chmod +x ruby
$ export PATH=".:$PATH"
$ rubyrun addflds.rbx


o=lambda{|o|p o};O=Struct.new(:a,:b,:c);e=%q((?h,(?h,(?\ ,(?s,(?u,(74)),
(?t)),(?t,(?o,(?n,(?a))))),(82,(?r,(?e),(32)),(32,(98,(?u),(?y)))
)),
(?r,(99,(97),(?k,nil,(?e))),_(10))));def _(*a)O.new(*a)end;class O;def
e(&o)b&&b.e(&o);o[a];c&&c.e(&o)end;end;def p(o)print(''<<o)end;eval(e).e(&o)
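
Added example, not part of the thread and not the code from the download: a self-contained reproduction of the PATH shim described in the first reply, showing why a driver that decrypts and then hands the file to an interpreter cannot keep the source private. The toy `rubyrun` driver, the file names and the use of base64 as a stand-in for the encryption are all assumptions made for this demo.

```shell
#!/bin/sh
# Constructed demo: base64 stands in for the real encryption, and this
# "rubyrun" is a toy driver written for the example, not the one in the thread.
demo_shim_capture() {
    work=$(mktemp -d) || return 1
    # Constructed "protected" program: plaintext source and its encoded form.
    printf 'puts "secret business logic"\n' > "$work/plain.rb"
    base64 < "$work/plain.rb" > "$work/app.rbx"

    # Toy driver: decode to a temp file, then run whatever `ruby` PATH finds.
    cat > "$work/rubyrun" <<'EOF'
#!/bin/sh
tmp=$(mktemp) || exit 1
base64 -d < "$1" > "$tmp"
ruby "$tmp"
status=$?
rm -f "$tmp"
exit $status
EOF

    # Shim named `ruby`, as in the reply: it copies its input instead of running it.
    mkdir "$work/shim"
    cat > "$work/shim/ruby" <<EOF
#!/bin/sh
cat "\$@" > "$work/captured.rb"
EOF
    chmod +x "$work/rubyrun" "$work/shim/ruby"

    # The driver removes its temp file afterwards, but the copy already exists.
    PATH="$work/shim:$PATH" "$work/rubyrun" "$work/app.rbx"
    cat "$work/captured.rb"
    rm -rf "$work"
}

demo_shim_capture
```

The function prints the recovered plaintext, which matches the original source byte for byte: whatever the encryption, the interpreter has to be given cleartext.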