Sandboxing Ruby: The Good, the Bad, and the Fugly

dscataglini edited this page Oct 1, 2011 · 1 revision


We launched Rails for Zombies and we let people run code on Heroku. Our initial method for sandboxing was regex-based. Zedshaw took us down quickly with a one-liner. We then had to learn more about sandboxing.


Using the $SAFE global: unfortunately, Rails doesn't work with any level higher than 0.


looks at the AST


Isolates namespaces
Create a sandbox
Evaluate a sandbox
Blocks dangerous operations with
Protects secrets
Limits resource utilization

    sandbox.eval %{while true; end}, timeout: 5
    # Can give sandbox "capabilities"
    sandbox.ref(Foo)
    foo = sandbox.eval('')

please go to and try to break it.
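The `timeout: 5` option in the notes above bounds how long evaluated code may run. As an added illustration (not code from the talk or from the sandbox library), this is one way to enforce such a wall-clock limit from outside the evaluated code, using a forked child process; the name `eval_with_timeout` is hypothetical and the sample snippets are constructed.

```ruby
require "timeout"

# Hypothetical helper, not the sandbox library's API. It shows only the
# wall-clock limit: the child is NOT isolated from the filesystem, network
# or the host's constants, so it is no substitute for a real sandbox.
def eval_with_timeout(code, timeout:)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    report = begin
      "ok\n#{eval(code, TOPLEVEL_BINDING).inspect}"
    rescue Exception => e # includes SyntaxError and SystemExit
      "error\n#{e.class}: #{e.message}"
    end
    writer.write(report)
    writer.close
    exit!(0) # skip the parent's at_exit handlers in the child
  end
  writer.close # parent keeps only the read end, so EOF means "child done"

  begin
    # The limit is enforced by the parent, out of the evaluated code's reach.
    payload = Timeout.timeout(timeout) { reader.read }
    Process.wait(pid)
    status, body = payload.split("\n", 2)
    # Plain text, not Marshal: never deserialize objects from untrusted code.
    %w[ok error].include?(status) ? [status.to_sym, body] : [:died, nil]
  rescue Timeout::Error
    Process.kill("KILL", pid) # SIGKILL cannot be trapped by the child
    Process.wait(pid)
    [:timeout, nil]
  ensure
    reader.close
  end
end
```

An in-process `Timeout.timeout { eval(code) }` leaves the interrupt inside the same interpreter as the evaluated code, which can rescue it; killing a separate process does not depend on the code's cooperation.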
