Save the world from evil code crusade

[aurelianito]

I want to say things like evil.rb code can write to "evil.log" but to

Setting up a list of "unsafe" methods (blacklisting) is likely to
break when more methods are added. Instead, I'd set up a list of
*safe* methods (whitelisting).

I agree. But my idea is to leave security configuration to the
administrator. I want to give him/her the tools necesary to disable
unwanted behaviour.

For the unsafe code part, I'd use safemode and proxy over the classes
you want to allow by overriding the MyClass constant with a pure
method_missing based proxy. The proxyied calls can be filtered for
security on the "outside", where only your code runs.

I'm interested with this option. How do you avoid the unsafe code to
bypass the proxy? can you show me some ruby (pseudo)code?

Thank's,
Aureliano.

 

[Eivind Eklund]

I agree. But my idea is to leave security configuration to the
administrator. I want to give him/her the tools necessary to disable
unwanted behaviour.

Same goes for the sysadmin, really. Security researchers tend to list
the use of blacklisting instead of whitelisting as one of the top five
reasons for the amounts of security problems we have.

One thing that I've personally been thinking a bit about for possible
use in FreeBSD is the ability to restrict a process to a completely
specified set of capabilities, throwing away the rest. Then, we'd
only need to trust the code that throw away the privs, not the rest.=20
If done conveniently, this could be used by all programs, for internal
compartmentization. This might be a different use for your code that
you've not yet thought of?

I'm interested with this option. How do you avoid the unsafe code to
bypass the proxy? can you show me some ruby (pseudo)code?

If you've wiped everything, there's no bypass possibilities (Ruby
object refs work as capabilities.) I'd probably implement this with
$SAFE =3D 4 for extra safety, though. Unfortunately, I lack the time to
play around with this and try to give you any decent form of code
right now.

Eivind.

 

[aurelianito]

Hi!

I've sumarized some of your questions and added them to the secured
ruby wiki. The link is
http://securedruby.rubyforge.org/wiki/wiki.pl?FrequentlyAskedQuestions.
Please let me know and/or modify this page if you believe something is
wrong or missing.

Thank you very much for your patience and feedback,
Aureliano.

PS: If you feel like contributing to this project, you are more than
welcome.