RubyFlow The Ruby and Rails community linklog

Dead simple code sandboxing

I just released Sandboxed, a gem that lets you run unsafe code without the usual headaches. It’s as simple as safe{ something_stupid } and comes with integrated context handling. Check it out and leave your comments!

Comments

Is Ruby’s $SAFE safe enough for you?

Looks interesting. So this is in essence a wrapper and convenience methods for $SAFE’ing?

My problem with $SAFE is you can’t do anything Ruby-esque if $SAFE is too high, but the lower settings aren’t even close to being secure. You should be able to truly sandbox some Ruby code and let it do its thing using the full power of Ruby while blocking it from doing things like accessing the file system.

For instance, I want to run some arbitrary code that can create classes but not overwrite anything above it like Kernel or the class that instantiated the code. I especially don’t want to allow it access to the file system, as it has no need to do anything with it.

For my needs $SAFE is bass-ackwards. The most secure thing for my needs should be the file system, not creating constants. Not your issue of course, it’s a design decision with Ruby. I guess I have my next new project… write a real process isolation system.

Anyway, your work is greatly appreciated even if it does not fit my needs.
