Safe sandbox for running untrusted code

[Ruben Fonseca]

Hello @all!

I'm sorry if this has been answered before, but I'm looking for an
expert voice for this question.

I would need if Ruby have a safe mechanism of running unsafe code on a
sandbox environment. Image this situation:

I lunch a contest "solve this problem in Ruby". The users submit their
code, and my system runs the code on an sandbox, with memory and time
constraints, and verifies if the output meets the required result.

Basicly, I need a way to run Ruby code that reads from STDIN, writes to
STDOUT, and I need to be sure it doesn't run more than "x" seconds and
don't eat all my memory.

It this possible with the current VM (MRI 1.8)?

Thank you for your support.

 

[Robert Klemme]

I would need if Ruby have a safe mechanism of running unsafe code on a
sandbox environment. Image this situation:

I lunch a contest "solve this problem in Ruby". The users submit their
code, and my system runs the code on an sandbox, with memory and time
constraints, and verifies if the output meets the required result.

Basicly, I need a way to run Ruby code that reads from STDIN, writes to
STDOUT, and I need to be sure it doesn't run more than "x" seconds and
don't eat all my memory.

It this possible with the current VM (MRI 1.8)?

There is at least $SAFE:
http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html#S1

But AFAIK it does not prevent your CPU or memory going through the
roof or just taking ages. Depending on your platform you might be
able to do it using fork and having the parent kill the child if any
of your constraints (time, memory) are violated. But then you are
still not safe against system("/bin/rm", "-rf", "/"). That's where
$SAFE helps.

Kind regards

robert

 

[John Maclean]

There is at least $SAFE:
http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html#S1

But AFAIK it does not prevent your CPU or memory going through the
roof or just taking ages. Depending on your platform you might be
able to do it using fork and having the parent kill the child if any
of your constraints (time, memory) are violated. But then you are
still not safe against system("/bin/rm", "-rf", "/"). That's where
$SAFE helps.

Kind regards

robert

I'd run the code within a virtualised environment. You'd be safe to rm -rf / as the "virtual server" is safely contained. vserver, xen, openvz, virtualbox, lguest... There's also the capability of changing ram, diskspace and loads of other stuff from outside of the virtual thang.

/dev/jayeola

 

[ara.t.howard]

It this possible with the current VM (MRI 1.8)?

no.

you will need to combine using $SAFE=12 (ruby side) and ulimit/chroot
from the unix side (or similar).

a @ http://codeforpeople.com/

 

[Ruben Fonseca]

no.

you will need to combine using $SAFE=12 (ruby side) and ulimit/chroot
from the unix side (or similar).

hi! thanks for all your input!

so does anybody knows how http://tryruby.hobix.com/ does it?

Ruben

 

[Jano Svitok]

so does anybody knows how http://tryruby.hobix.com/ does it?

http://code.whytheluckystiff.net/sandbox/ and/or search for freaky
freaky sandbox.

IIRC _why got some patches in ruby regarding this -- see archives for ruby-core.

J.

 

[Siep Korteling]

hi! thanks for all your input!

so does anybody knows how http://tryruby.hobix.com/ does it?

Ruben

http://www.spoj.pl/info/ does this with 30 programming languages,
including Ruby. I don't know how.

regards,

Siep