Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Execute ruby code within limited environment

I am implementing a plugin architecture to a Rails project. The plugin architecture includes the ability for plugin writers to write Ruby code to be executed on the server. I want to make this secure so that plugin writers don't have the ability to write destructive code.

I think what I need to do, although I'm open to other options, is execute the Ruby code for the plugin in an isolated environment which has a limited scope. I'm thinking of something in the spirit of the therubyracer gem but I want to safely execute Ruby instead of JavaScript.

I can't figure out a good way to do this. I thought of using eval with a limited bindings object, but I think it would be difficult to eval several files and I don't think I can adequately limit the bindings. For example, I don't want a plugin to be able to do something like a destroy_all on a model, or monkey-patch existing code in the app.

I'm quite stumped with this one. Anyone have any ideas?

like image 329
alexsanford1 Avatar asked Nov 12 '22 23:11

alexsanford1


1 Answers

I suggest you to read the following documentation about ruby safe levels. Sometimes services use the level 4 for scripts embedded by unknown users:

http://ruby-doc.org/docs/ProgrammingRuby/html/taint.html

like image 194
Nucc Avatar answered Dec 01 '22 01:12

Nucc