I’d like a sandbox that simply disallows system calls, like creating
files etc, so that anybody can supply some code that can be eval-ed
within the sandbox, with no known potential for harm.
I know about safe levels, but I googled it and there was some discussion
about how there were ways to thwart that. I also found this, which seems
quite nice: GitHub - tario/shikashi: shikashi is a ruby sandbox that permits the execution of "unprivileged" scripts by defining the permitted methods and constants the scripts can invoke with a white list logic
But I have yet to get that working. Are there any other ways to go about
this? Perhaps there are other ways in JRuby? I’d just like to allow the
sort of operations you’d need for most algorithms, so all the usual
methods of arrays, numbers, hashes and strings basically, and perhaps
some selected custom classes. It would also probably be nice if you
could somehow limit the memory/cpu taken up by the code in the sandbox,
if that’s at all possible.
I’d like a sandbox that simply disallows system calls, like creating files etc, so that anybody can supply some code that can be eval-ed within the sandbox, with no known potential for harm.
I know about safe levels, but I googled it and there was some discussion about how there were ways to thwart that. I also found this, which seems quite nice: GitHub - tario/shikashi: shikashi is a ruby sandbox that permits the execution of "unprivileged" scripts by defining the permitted methods and constants the scripts can invoke with a white list logic
But I have yet to get that working. Are there any other ways to go about this? Perhaps there are other ways in JRuby? I’d just like to allow the sort of operations you’d need for most algorithms, so all the usual methods of arrays, numbers, hashes and strings basically, and perhaps some selected custom classes. It would also probably be nice if you could somehow limit the memory/cpu taken up by the code in the sandbox, if that’s at all possible.
Update: I found a replacement for why’s old freaky sandbox that works
with jruby:
http://flouri.sh/2009/4/4/how-to-set-up-the-jruby-sandboxStill not sure
how to account for memory consumption/cpu, but I’m guessing there may be
some JVM configuration setting that can do something about that. And a
simple timeout for infinite or lengthy loops is good enough for my case.
It would be pretty simple to assembly a JVM security policy file and
apply it to a JRuby run. You can disallow all filesystem access or
access to specific locations, and a lot more. I’ve thought about
trying to explicitly define some policies for the same things Ruby
safe levels give you, but in general it’s not that hard to put
together a sandboxed JVM running JRuby.