Ruby Sandboxing Resources
The sandbox itself
- Freaky Freaky Sandbox - A sandboxing gem based on the MRI ruby interpreter. Written in C, it hacks the VM to allow safe execution of untrusted code.
- Why-the-lucky-stiff talking about the freaky freaky sandbox - He explains it as an alternative to $SAFE in a discussion with the ruby team.
- How to set up the C-Ruby sandbox
- JavaSand - A sandboxing gem for JRuby. It provides the same API as the C-based-ruby sandbox.
- How to set up the JRuby sandbox
Sandbox Support
- acts_as_wrapped_class - A gem that adds easy class-wrapping for safely exposing an API to the sandbox code.
- acts_as_runnable_code - A gem that makes creation of sandboxes and evaluation of uploaded code easier.
- Safely Exposing your App to a ruby sandbox - My article on setting up a sandbox.
Sandbox Examples
How to set up the JRuby sandbox
The JRuby Sandbox is simply a rewrite of why's original sandbox gem in JRuby. It's much less of a hack than the C implementation, and generally considered to be safer. Here's how I set it up:
- Download and install the latest JRuby binaries from CodeHaus (I tested with 1.1.5).
- Download the source of the javasand jruby gem from the JRuby addons project
  svn checkout http://jruby-extras.rubyforge.org/svn/trunk/javasand
- Compile the gem:
  ant
  BUILD SUCCESSFUL
  If the build fails, it might be because it can't find the JRuby classes. You'll need to find jruby.jar and then add a line to build.xml inside the "build.classpath" path:
  <fileset dir="/path/to/jruby/jars" includes="*.jar" />
- Package up the gem:
  jgem build javasand.gemspec
- Install the gem:
  sudo jgem install javasand-0.0.2.gem
- Test the sandbox with:
  jirb -rubygems
  require "sandbox"
  Sandbox.safe.eval("2+2") # yields 4
As you can see above, I had to compile the gem from source. The binary gem of javasand from rubyforge failed with the following exception:
irb(main):001:0> require "sandbox"
=> true
irb(main):002:0> Sandbox.safe
org.jruby.ext.sandbox.Sandkit:714:in `removeMethods': java.lang.NoSuchMethodError: org.jruby.RubyModule.removeMethod(Ljava/lang/String;)V
How to set up the ruby sandbox
There's very little recent work on the MRI ruby sandbox, so here's a quick guide to getting the sandbox installed and running. Unfortunately, the sandbox requires a patched ruby, but luckily it's not that hard to set up.
- Download the latest version of ruby 1.8.6 from ftp://ftp.ruby-lang.org/pub/ruby/1.8 (does not work with 1.8.7 or 1.9, sorry)
- Download the sandbox gem source from git://github.com/why/sandbox.git
- Patch ruby:
  patch -p1 < ../sandbox_gem/patch/ruby-1.8.6-sandbox_needs.patch
  patching file error.c
- Compile and install the patched ruby:
  ./configure
  make
  sudo make install
- Download and install rubygems from RubyForge
- Install the sandbox gem:
  cd sandbox_gem && sudo ruby setup.rb
- Test the sandbox:
  require "sandbox"
  Sandbox.safe.eval("2+2") # yields 4
Now that you've got the sandbox running, read more about it in my article on Advanced Sandboxing, or my Sandbox Introduction.
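A smoke test to run after either install procedure above, as an added example that is not part of the original post: it goes beyond the 2+2 check by confirming that a few operations are refused. The probe snippets, the names audit_sandbox and sandbox_confined?, and the expectation that Sandbox.safe raises on each non-control probe are assumptions.

```ruby
# Added example (not from the original post). Works with any object that
# responds to #eval; syntax is kept compatible with Ruby 1.8.6.

# Constructed probes. The first is a control that must succeed; the rest are
# assumed to raise inside a correctly confined sandbox.
CONTROL = "arithmetic"
PROBES = [
  [CONTROL,        '2+2'],
  ["file read",    'File.read("/etc/hostname")'],
  ["shell out",    'Kernel.system("true")'],
  ["load library", 'require "socket"'],
]

# Evaluate every probe and record whether the sandbox let it run.
def audit_sandbox(sandbox, probes = PROBES)
  probes.map do |name, code|
    begin
      [name, :allowed, sandbox.eval(code)]
    rescue Exception => e
      # Exception, not StandardError: the sandbox's own error class and
      # JRuby's Java errors may sit outside StandardError.
      [name, :blocked, e.class.name]
    end
  end
end

# Confined means: the control returned 4 and every other probe was blocked.
def sandbox_confined?(results)
  results.all? do |name, status, detail|
    name == CONTROL ? (status == :allowed && detail == 4) : status == :blocked
  end
end

begin
  require "rubygems"
  require "sandbox"
rescue LoadError
  # Gem not installed here; the two functions above are still usable.
end

if defined?(Sandbox) && Sandbox.respond_to?(:safe)
  results = audit_sandbox(Sandbox.safe)
  results.each { |name, status, detail| puts "%-14s %-8s %s" % [name, status, detail.inspect] }
  puts(sandbox_confined?(results) ? "sandbox confined" : "SANDBOX NOT CONFINED")
end
```

A build in which the control probe itself raises also counts as not confined, so a broken install is not mistaken for a strict one.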
I'm speaking at Golden Gate Ruby Conf
The title of my talk is: Playing with Fire: Running untrusted code in a sandbox. I expect to be posting some more articles related to the sandbox before my talk on April 17th.