Let's suppose I have this awful controller code:

```ruby
class MovesController < ApplicationController
  def create
    eval(params[:input])
  end
end
```

I've been looking for the best way to sandbox the execution of untrusted code for some time now and stumbled on a discussion in this ruby-lang feature: https://bugs.ruby-lang.org/issues/8468

> The real solution to this problem is to run a sandbox at the level above Ruby. I run untrusted code on http://eval.in inside a ptrace based sandbox.
>
> Charlie Somerville

Further research on the subject didn't get more than pure ptrace documentation. Is there a known practice/library for using ptrace in Ruby and Rails or would one need to set up his own solution?

Nox
I'm afraid a full description of the process is beyond my meager ability to summarize for StackOverflow. The core idea is that you use ptrace(2) to be notified of all syscalls and explicitly whitelist the ones that you consider 'safe', and for any syscalls where the parameters can make them unsafe, you validate the parameters. There's [a useful paper](http://www.cs.vu.nl/~ast/publications/secrypt-2007.pdf) on jailing processes using trace mechanisms. You could look for [sandbox](https://github.com/openjudge/sandbox) and [s4g](http://s4g.gforge.inria.fr/) as example implementations. – Cyberfox May 01 '15 at 03:07

1 Answer

There is a gem called trusted-sandbox to do that. But be careful, because Docker is not actually hacker-proof.

There is also Geordi used by CodePad.

There was a (buggy?) sandbox implementation for ruby 1.8, but it's no longer supported.

But really, your question is like the old joke where the patient says "Doctor, it hurts when I do this." And the Doctor answers "well, don't do that."

There are a million things you could do instead:

  • Use a language with first-class sandboxing (like Lua).
  • Use a templating language (like Liquid or Mustache). Write your own parser for the things that actually need to be done.
  • Run the "program" on the client side (in JavaScript or hotruby) and only send processed data back to your server.
BraveNewCurrency
  • Thanks, the bounty I'm offering is for how to implement a server-side solution that uses ptrace and Ruby (instead of Docker, Lua, Liquid, javascript -- all are good solutions that I currently use) – joelparkerhenderson May 26 '15 at 01:26
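
The answer's suggestion to "write your own parser for the things that actually need to be done" can replace the `eval(params[:input])` call from the question. The following is an added example, not code from the question or the answer, and it assumes the input only ever needs integer arithmetic; the `SafeExpression` class and its limits are hypothetical.

```ruby
# Hypothetical stand-in for eval(params[:input]): integer arithmetic only
# (+ - * / and parentheses); everything else raises ArgumentError.
class SafeExpression
  MAX_LENGTH = 200 # assumed limits, tune for the application
  MAX_DEPTH  = 20
  LEVELS = [%w[+ -], %w[* /]].freeze # operator groups, lowest precedence first
  OPS = { '+' => :+, '-' => :-, '*' => :*, '/' => :/ }.freeze

  def initialize(input)
    # Rails params values can be Array or Hash as well, so check the type first.
    raise ArgumentError, 'input must be a String' unless input.is_a?(String)
    raise ArgumentError, 'input too long' if input.length > MAX_LENGTH
    # \A and \z anchor the whole string; ^ and $ would only anchor one line.
    raise ArgumentError, 'illegal character' unless input.match?(%r{\A[0-9+\-*/()\s]*\z})
    @tokens = input.scan(%r{[0-9]+|[-+*/()]})
  end

  def evaluate
    value = binary(0, 0)
    raise ArgumentError, "unexpected #{@tokens.first.inspect}" unless @tokens.empty?
    value
  rescue ZeroDivisionError
    raise ArgumentError, 'division by zero'
  end

  private

  # Left-associative binary operators at one precedence level.
  def binary(level, depth)
    return atom(depth) if level == LEVELS.size
    value = binary(level + 1, depth)
    while LEVELS[level].include?(@tokens.first)
      value = value.public_send(OPS.fetch(@tokens.shift), binary(level + 1, depth))
    end
    value
  end

  # A number or a parenthesised sub-expression.
  def atom(depth)
    token = @tokens.shift
    return token.to_i if token&.match?(/\A[0-9]+\z/)
    raise ArgumentError, "unexpected #{token.inspect}" unless token == '('
    raise ArgumentError, 'nesting too deep' if depth >= MAX_DEPTH
    value = binary(0, depth + 1)
    raise ArgumentError, "expected ')'" unless @tokens.shift == ')'
    value
  end
end
```

In the controller, `SafeExpression.new(params[:input]).evaluate` takes the place of the `eval` call, with `ArgumentError` rescued and turned into a 4xx response.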