Question
I've found that there WAS a sandbox gem (created by the guys that made try ruby in your browser) but it was compatible only with Ruby 1.8. Another problem is that I cannot find it anymore (it seems they stopped serving the gem from the servers...).
So, is there any secure way of running ruby in a sandbox (so you can run it from your browser)? Or an easy way to run (for example lua/python) in a sandbox (no filesystem access, no creation of objects etc) and be called from Ruby (Rails 2.2)?
I want to make an application like try_ruby even without having a ruby underneath. But it has to be an easy language (I saw there was a prolog in ruby, even a lisp, but I don't think they are easy-to-learn languages...).
So, do you have any suggestions or tips? Or should I just start creating my own DSL in Ruby (if there is a solution in creating a somewhat safe system)?
Thx
Answer 1:
I am developing an implementation of a sandbox for ruby based on a modification of the ruby interpreter written in C. I have recently released a functional version of the gem, called shikashi (rdoc documentation).
Answer 2:
You should try embedding JRuby in the browser.
http://ruby-in-browser.googlecode.com/svn/trunk/evalruby/index.html
Answer 3:
The guy who wrote the original gem disappeared, Keyser Söze style: http://www.rubyinside.com/why-the-lucky-stiff-is-missing-2278.html
I've read that the JRuby gem is more current or maintained, but I've found it buggy so far. Here are some setup instructions: http://flouri.sh/2009/4/4/how-to-set-up-the-jruby-sandbox
Overall, it looks like Ruby is lacking a solid implementation of this right now :(
Answer 4:
I came across this article on hackety.org (dead link) this morning. Maybe it can serve you as a guide in the right direction.
Answer 5:
Another way is like codepad.org does it (VM isolation and checking the calls).
Answer 6:
I am not sure if you want to run any language in a sandbox. But I found that JavaScript has been running as a sandbox language for a long time. The ruby racer project lets you embed the v8 engine in ruby. Hope that helps.
Source: https://stackoverflow.com/questions/406833/language-in-a-sandbox-in-rails