Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to safely let users run arbitrary Ruby code?

Tags:

ruby

I realize this sounds a little crazy, but I'm working on a project for which I need a server to run user-provided Ruby code and return the result.

I'm looking to prevent something like this:

system("rm -rf /")
eval("something_evil")
# etc...

I'm sure there must be some reasonably safe way to do this, as it already exists at places like tryruby.org. Any help is greatly appreciated, thanks!

like image 949
igul222 Avatar asked Apr 03 '10 23:04

igul222


3 Answers

Three suggestions:

1) Take a look at Ruby taint levels. This provides some degree of protection against, eval('evil_code') type things, etc.

2) Unless user's actually need access to the local file system, use something like fakefs

3) No matter what else you do follow Tronic's suggestion (can be a pain to setup, but limited chroot jails are about the only way to make absolutely sure that user's cannot access resources you don't explicitly want them to).

like image 55
ig0774 Avatar answered Nov 15 '22 21:11

ig0774


Run the program ptraced with a whitelist of allowed syscalls, as user/group nobody, with resource limits (memory usage etc), in a minimal chroot.

like image 31
Tronic Avatar answered Nov 15 '22 22:11

Tronic


A "blank slate" is an object stripped of (most of) its methods. A "clean room" is an object within which you evaluate potentially unsafe room. If you evaluate the code in a "clean room" which is also a "blank slate," cranking the safe level up as high as it will go, you will afford yourself a great deal of protection. Nothing in security is sure, so this should be considered a layer in your security, not necessarily the only layer.

This answer shows how to do it.

like image 35
Wayne Conrad Avatar answered Nov 15 '22 22:11

Wayne Conrad