Hi,

I'm currently attempting to use the Javasand gem[1] to sandbox a JRuby
application[2]. I've added persistent state[3], but I'm currently
running into a Marshalling issue with the code that transfers code from
the sandbox to the environment. The simplest way to reproduce it is:

(in a 'jbundle console', where javasand is in the bundle)

  require 'sandbox'
  class A; end
  sandbox = Sandbox.new
  sandbox.ref(A)
  a = sandbox.eval("a = A.new")

We now have variables called 'a' in both the sandbox and in the
environment. These are different objects, but the one in the sandbox is
mostly a stub, which delegates many calls to the one in the environment,
which it contains a reference to. These calls are still executed inside
the sandbox, which is why it remains safe.

Objects are 'copied' from the sandbox to the environment by marshalling
and unmarshalling and this is where something goes wrong.
Marshal.load(Marshal.dump(a)) will work fine. Through a
  class CodeWrapper < Struct.new(:code); end
  sandbox.ref(CodeWrapper)
  code_wrapper = sandbox.eval "code_wrapper = CodeWrapper.new"
  code_wrapper.code = Marshal.dump(a)
we can move data inside the sandbox and
  sandbox.eval "Marshal.load(code_wrapper.code)"
will work just fine. However, what won't work is:
  code = sandbox.eval "Marshal.dump(a)"
The value of code is

"\004\bo:\006A\a:\r__link__o;\000\000:\f__box__o:\022Sandbox::Full\a:\...@options{\000"
while Marshal.dump(a) is
"\004\bo:\006A\000"
Adding an @__box__ and @__link__ to make things more alike
  a.instance_variable_set '@__box__', sandbox
  a.instance_variable_set '@__link__', a
yields

"\004\bo:\006A\a:\...@__link__@\000:\...@__box__o:\022Sandbox::Full\a:\...@options{\000"

So it seems these __link__ and __box__ instance variables are the
culprits, but I am unsure how to fix this. Does anyone have a suggestion?


[1] Pulled to Github at http://github.com/Confusion/javasand
[2] The sandbox is preferred, because it allows fine-grained
control. The second choice was the JVM security manager, but alas:
http://jira.codehaus.org/browse/JRUBY-5153.
[3] As it was,
  sandbox = Sandbox.new
  sandbox.eval "o = Object.new"
  sandbox.eval "o"
would fail with Sandbox::Exception: NameError: undefined local variable
or method `o' for main:Object, which made sense when you looked at the
code, because the eval method invoked the single argument evalScriptlet,
which creates a new scope object for every invocation.

best regards,
-- 
Ivo Wever
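
Added example, not part of the original message and not Javasand code: a plain-Ruby reproduction of how the two extra instance variables change a Marshal stream, and one way to dump a copy without them. FakeBox, tag and dump_without_bookkeeping are hypothetical names, and whether the same approach works inside the Javasand sandbox is an assumption.

```ruby
# Plain-Ruby stand-ins (constructed): FakeBox plays the role of the sandbox
# object, A is the empty class from the message. No Javasand is involved.
class A; end

class FakeBox
  def initialize
    @options = {}
  end
end

# The two bookkeeping instance variables named in the message.
BOOKKEEPING = [:@__box__, :@__link__].freeze

# Attach the bookkeeping ivars the same way the message does by hand.
def tag(obj, box)
  obj.instance_variable_set(:@__box__, box)
  obj.instance_variable_set(:@__link__, obj) # self-reference
  obj
end

# Dump a shallow copy with the bookkeeping ivars removed; obj is untouched.
def dump_without_bookkeeping(obj)
  copy = obj.dup
  BOOKKEEPING.each do |name|
    next unless copy.instance_variable_defined?(name)
    # send: remove_instance_variable is private on older Rubies
    copy.send(:remove_instance_variable, name)
  end
  Marshal.dump(copy)
end

if __FILE__ == $PROGRAM_NAME
  bare   = Marshal.dump(A.new)
  tagged = tag(A.new, FakeBox.new)
  p bare                                    # stream with zero ivars
  p Marshal.dump(tagged)                    # embeds FakeBox and a back-link
  p dump_without_bookkeeping(tagged) == bare
end
```

The tagged dump carries the box object's class name, so whoever loads it needs that class defined; the stripped dump does not.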
