strapyourself.in and flouri.sh

Ruby Sandboxing Resources

April 11th, 2009
A complete list of sandboxing resources that I've been able to find, from articles on the sandbox itself to examples of the sandbox in action.

How to set up the JRuby sandbox

April 4th, 2009

The JRuby Sandbox is simply a rewrite of why's original sandbox gem in JRuby. It's much less of a hack than the C implementation, and is generally considered safer. Here's how I set it up:

  1. Download and install the latest JRuby binaries from CodeHaus (I tested with 1.1.5).
  2. Download the source of the javasand JRuby gem from the JRuby addons project:
    svn checkout http://jruby-extras.rubyforge.org/svn/trunk/javasand
  3. Compile the gem:
    ant
    BUILD SUCCESSFUL
    If the build fails, it might be because it can't find the JRuby classes. You'll need to find jruby.jar and then add a line to build.xml inside the "build.classpath" path:
    <fileset dir="/path/to/jruby/jars" includes="*.jar" />
  4. Package up the gem:
    jgem build javasand.gemspec
  5. Install the gem:
    sudo jgem install javasand-0.0.2.gem
  6. Test the sandbox with jirb -rubygems:
    require "sandbox"
    Sandbox.safe.eval("2+2")
    # yields 4

As you can see above, I had to compile the gem from source. The binary gem of javasand from rubyforge failed with the following exception:

irb(main):001:0> require "sandbox"
=> true
irb(main):002:0> Sandbox.safe
org.jruby.ext.sandbox.Sandkit:714:in `removeMethods': java.lang.NoSuchMethodError: org.jruby.RubyModule.removeMethod(Ljava/lang/String;)V

How to set up the ruby sandbox

April 4th, 2009

There's very little recent work on the MRI ruby sandbox, so here's a quick guide to getting the sandbox installed and running. Unfortunately, the sandbox requires a patched ruby, but luckily it's not that hard to set up.

  1. Download the latest version of ruby 1.8.6 from ftp://ftp.ruby-lang.org/pub/ruby/1.8 (does not work with 1.8.7 or 1.9, sorry)
  2. Download the sandbox gem source from git://github.com/why/sandbox.git
  3. Patch ruby:
    patch -p1 < ../sandbox_gem/patch/ruby-1.8.6-sandbox_needs.patch
    patching file error.c
  4. Compile and install the patched ruby:
    ./configure
    make
    sudo make install
  5. Download and install rubygems from RubyForge
  6. Install the sandbox gem:
    cd sandbox_gem && sudo ruby setup.rb
  7. Test the sandbox:
    require "sandbox"
    Sandbox.safe.eval("2+2")
    # yields 4

Now that you've got the sandbox running, read more about it in my article on Advanced Sandboxing, or my Sandbox Introduction.
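
Once either sandbox above (JRuby or MRI) is installed, here is how a host program might wrap the `Sandbox.safe.eval` call from the test steps so that guest code runs with a time limit, a source-size cap, and a fresh sandbox per request. This is an added example, not code from the post or from the sandbox gem; it assumes only `Sandbox.safe` and `#eval` as shown above, and the names `run_untrusted` and `MAX_SOURCE_CHARS` are made up here.

```ruby
require "timeout"

# Fail closed: if the sandbox gem is missing, guest code is refused
# rather than silently handed to a plain, unsandboxed eval.
begin
  require "sandbox"
  SANDBOX_AVAILABLE = true
rescue LoadError
  SANDBOX_AVAILABLE = false
end

# Assumed limit for this example; guest source longer than this is rejected
# before the interpreter ever sees it.
MAX_SOURCE_CHARS = 4096

# Runs one piece of untrusted source and returns [:ok, value] or
# [:error, message]. It never raises on the guest's behalf, so a host
# loop that serves many guests keeps running after a bad one.
def run_untrusted(code, seconds = 2)
  return [:error, "source too large"] if code.length > MAX_SOURCE_CHARS
  return [:error, "sandbox gem not available"] unless SANDBOX_AVAILABLE

  # A fresh Sandbox.safe per request: nothing a previous guest defined
  # (constants, methods, instance state) leaks into the next one.
  box = Sandbox.safe
  value = Timeout.timeout(seconds) { box.eval(code) }
  [:ok, value]
rescue Timeout::Error
  [:error, "timed out after #{seconds}s"]
rescue Exception => e
  # The sandbox raises its own exception classes for blocked operations;
  # report the class and message instead of letting them escape.
  [:error, "#{e.class}: #{e.message}"]
end

if __FILE__ == $0
  p run_untrusted("2+2")            # [:ok, 4] once the gem is installed
  p run_untrusted("x" * 10_000)     # [:error, "source too large"]
  p run_untrusted("loop { }", 0.5)  # [:error, "timed out after 0.5s"]
end
```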

I'm speaking at Golden Gate Ruby Conf

April 4th, 2009

The title of my talk is: Playing with Fire: Running untrusted code in a sandbox. I expect to be posting some more articles related to the sandbox before my talk on April 17th.
