Browse files

Created Sandboxing Ruby: The Good, the Bad, and the Fugly (markdown)

  • Loading branch information...
1 parent 47e4a24 commit cda4cb9d18fdc0e9c34b6b9b9cc7bc2ea5852887 @dscataglini dscataglini committed Oct 1, 2011
Showing with 25 additions and 0 deletions.
  1. +25 −0 Sandboxing-Ruby:-The-Good,-the-Bad,
25 Sandboxing-Ruby:-The-Good,-the-Bad,
@@ -0,0 +1,25 @@
+## Motivation
+We launched rails for zombies and we let people run code on heroku. Our initial method for sandboxing was regex based.
+Zedshaw took us down quickly with a 1 liner. We then had to learn more about sandboxing.
+### $SAFE
+Using $SAFE global, unfortunately rails doesn't work with any level higher than 0
+### rubycop
+looks at the ast
+### jail/jruby_sandbox
+isolates Namespaces
+create a sandbox evaluate a sandbox
+Blocks dangerous operations with
+Protects secrets
+Limits resource utilization
+sandboxeval %{while;true;end}, timeout: 5 #
+Can give sandbox "capabilitites
+foo = sandbox.eval('')
+please go to and try to break it.

0 comments on commit cda4cb9

Please sign in to comment.