如何在安全沙箱中运行不受信任的 Ruby 代码? [英] How to run untrusted Ruby code inside a safe sandbox?

问题描述

我希望能够运行不受信任的 ruby​​ 代码.我希望能够将变量传递给它可能使用的不受信任的代码.我还希望上述代码将结果返回给我.这是我在想什么的概念性示例

I want to be able to run unstrusted ruby code. I want to be able to pass variables to said untrusted code that it may use. I also want said code to return a result to me. Here is a conceptual example of what I am thinking

input = "sweet"
output = nil
Thread.start {
   $SAFE = 4
   #... untrusted code goes here, it uses the input variable(s)
   #to calculate some result that it places in the output variable
}
#parse the output variable as a string.

澄清一下，我基本上是将不受信任的代码用作函数.我想要提供它的一些输入，然后允许它写入输出.这就是我真正想要的，我不在乎它是如何完成的，我只想要使用不受信任的 Ruby 代码作为一种功能的能力.解决方案不必看起来像我上面写的代码，我只是用它来说明我想要的.

Just to clarify, I am basically using the untrusted code as a function. I want to provide its some inputs, and then allow it to write to the output. That is all I really want, I don't care how it is done, I just want the ability to use untrusted Ruby code as a sort of function. The solution does not have to look anything like the code I wrote above, I am just using it to illustrate what I want.

现在，我目前可以想到 3 种方法来做到这一点:

Now, I can currently think of 3 ways to do this:

1. 使用上面的 $SAFE 级别构造.
2. whytheluckystiff 有一个用于 ruby​​ 的 Sandbox 插件
3. 我可以在自己的虚拟机中运行每个功能，使用某种操作系统虚拟化软件，如 vmware 或 Xen 或其他东西.

我想知道是否有人对以功能方式运行不受信任的 ruby​​ 代码有任何建议?你会推荐什么选择?你会怎么做?谢谢.

I am wondering if anyone has any recommendations for running untrusted ruby code in a functional way? What option would you recomend? How would you go about it? Thanks.

推荐答案

$SAFE 是不够的；你至少需要达到Why's freaky sandbox的水平.但是，我不知道该沙箱代码是否积极维护，或者他/他们是否曾经解决过无限循环等漏洞.

$SAFE is not enough; you need to be at least at the level of Why's freaky sandbox. However, I don't know if that sandbox code is actively maintained or if he/they ever solved the holes such as infinite loops, etc.

不安全通常意味着敌对.如果您可以从敌对放松到天真"，并且根据您的应用程序的要求，您可能会在 Ruby 中使用沙箱.这在语言设计中并不是真正的一流场景.

Unsafe generally means hostile. If you can relax from hostile to, say, 'naive', and depending upon the requirements of your app, you might get away with sandboxing in Ruby. It's not really a first-class scenario in the language design.

尽管如此，您可能不需要进入机器级别的分离.我觉得在单独生成的进程中使用沙箱非常安全，您的应用程序充当进程管理器来杀死任何设法挂起/燃烧的东西.现在，这比上面的简单块要多几个数量级的工作.

Even with that, though, you probably don't need to go to the machine level of separation. I'd feel pretty safe using a sandbox in a separately spawned process, with your app functioning as a process manager to kill off any that manage to hang/flame. Now, that is a few orders of magnitude more work than your simple block above.

但请记住并不断重复，SAFE 无法应对敌对".

But remember and keep repeating, "SAFE can't deal with hostile".

这篇关于如何在安全沙箱中运行不受信任的 Ruby 代码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！