I am implementing a plugin architecture in a Rails project. The plugin architecture includes the ability for plugin writers to write Ruby code to be executed on the server. I want to make this secure so that plugin writers don't have the ability to write destructive code.
I think what I need to do, although I'm open to other options, is execute the Ruby code for the plugin in an isolated environment which has a limited scope. I'm thinking of something in the spirit of the therubyracer gem but I want to safely execute Ruby instead of JavaScript.
I can't figure out a good way to do this. I thought of using eval with a limited bindings object, but I think it would be difficult to eval several files and I don't think I can adequately limit the bindings. For example, I don't want a plugin to be able to do something like a destroy_all on a model, or monkey-patch existing code in the app.
I'm quite stumped with this one. Anyone have any ideas?
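The binding problem described in the question, as an added example that is not the asker's code: plugin text evaluated inside a BasicObject-based scope cannot resolve application constants by bare name, but a leading `::` still reaches them, so the destroy_all and monkey-patch concerns stand. Widget, PluginScope, run_plugin and demonstrate are constructed stand-ins, not part of any project.

```ruby
# Added example, not from the question or answer. Shows why a "restricted"
# evaluation scope does not stop plugin code from reaching application models.

# Constructed stand-in for an ActiveRecord model with a destructive class method.
class Widget
  @rows = 3
  class << self
    attr_reader :rows
    def reset!;      @rows = 3; end
    def destroy_all; @rows = 0; end
  end
end

# The "sandbox": a BasicObject subclass exposes no Kernel methods, and a bare
# constant name (Widget) does not resolve because Object is not an ancestor.
class PluginScope < BasicObject
  def log(msg)
    (@log ||= []) << msg
  end

  def log_entries
    @log || []
  end

  def run(code)
    instance_eval(code)   # string form: lexical scope is this object's singleton class
  end
end

# Evaluate one plugin body; report :ok with its log, or the NameError it hit.
def run_plugin(code)
  scope = PluginScope.new
  scope.run(code)
  [:ok, scope.log_entries]
rescue NameError => e      # NoMethodError (e.g. a stray puts) is a NameError too
  [:name_error, e.message]
end

# Run the plugin bodies the question worries about and collect the outcomes.
def demonstrate
  Widget.reset!
  bare      = run_plugin('Widget.destroy_all')                 # blocked: NameError
  rows_bare = Widget.rows                                      # still 3
  qualified = run_plugin('log("hi"); ::Widget.destroy_all')    # not blocked
  rows_qual = Widget.rows                                      # now 0
  Widget.reset!
  patched   = run_plugin('::Widget.singleton_class.send(:define_method, :rows) { 42 }')
  { bare: bare[0], rows_after_bare: rows_bare,
    qualified: qualified, rows_after_qualified: rows_qual,
    patched: patched[0], rows_after_patch: Widget.rows }
end
```

Calling demonstrate returns the outcomes as a hash; the bare-name NameError is the only thing this scope actually prevents, which is why the asker's worry about limiting bindings is justified.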
I suggest you read the following documentation about Ruby safe levels. Sometimes services use level 4 for scripts embedded by unknown users:
http://ruby-doc.org/docs/ProgrammingRuby/html/taint.html