At 11:35 -0600 1/28/09, Yehuda Katz wrote:
> One option is to exit(128) in a middleware or something.
I was hoping to do this in the context of Merb, but if a
middleware is a cleaner solution, I'm OK with that.
> However, you're in a much bigger pickle than you think.
> If the user can run arbitrary code, what's stopping them
> from eval("FileUtils.rm_rm('/')")
Several things:
* The app will be running as an unprivileged user, in a
chrooted jail (eg, Jailkit), within a substantially
locked- and stripped-down instance of Debian Linux.
* The Linux instance will be running inside a Virtual
Machine (eg, VirtualBox), with no access to the host
file system. There will also be precautions taken to
keep the VM from sending unsolicited packets to any
unauthorized IP/port combinations.
So, things aren't quite as perilous as they might be. See:
http://cfcl.com/twiki/bin/view/Projects/Ontiki/Architecture
http://cfcl.com/twiki/bin/view/Projects/Ontiki/Security
At 10:14 -0800 1/28/09, Matt Aimonetti wrote:
> Rich, I'm with Yehuda on this one, you really shouldn't let
> users run arbitrary code. I'd suggest you use one of the
> available tools such as liquid or kwartz, otherwise, it's
> a recipe for disaster.
>
> Also, the run_later solution might be tricky, since the
> thread might start before the request is done + run_later
> doesn't on passenger... anyways, as I said, you should use
> a safe template language.
I looked at Liquid, but there are a couple of problems with
it, for my purposes. First, it's not really Ruby, so the
syntax is going to present a new learning curve. Also, I
don't want to get into "wrapping" every call that one of my
users might want to use (and worrying about the possibility
for each call to do damage). That way lies madness.
I haven't studied Kwartz much, but it seems to have a very
similar set of problems. The most intriguing possibility
is Why's Sandbox, because it's actually Ruby, but it still
puts me into trench warfare against problematic code. So,
I think I'll pursue this approach for the moment...
-r
--
http://www.cfcl.com/rdm Rich Morin
http://www.cfcl.com/rdm/resume [email protected]
http://www.cfcl.com/rdm/weblog +1 650-873-7841
Technical editing and writing, programming, and web development
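One concrete form of the "unprivileged, contained process" layer discussed above, as an added example that is not part of the original thread and not Ontiki's or Merb's own code: the untrusted snippet is eval'd in a forked child with kernel resource limits, a wall-clock cap enforced by the parent, and the result passed back as plain text. It assumes a POSIX platform (fork and setrlimit); the function name `run_sandboxed` and the default limits are my choices. It contains `exit`, runaway CPU and memory use; it does not contain file or network access, which is what the unprivileged user, chroot and VM layers in the message are for.

```ruby
# Added example (not Ontiki's or Merb's code): run one snippet of untrusted
# Ruby in a forked child with kernel resource limits and a wall-clock cap.
# Assumes a POSIX system; function name and limit defaults are assumptions.
require 'timeout'

# Returns a Hash: { status: :ok, value: String } on success,
# { status: :error, message: String } for an exception inside the snippet,
# { status: :exited, code: Integer } if the snippet called exit,
# { status: :signaled, signal: Integer } if a kernel limit killed it, or
# { status: :timeout } if the parent had to kill it.
def run_sandboxed(code, cpu_seconds: 1, wall_seconds: 2,
                  mem_bytes: 1024 * 1024 * 1024, max_output: 64 * 1024)
  reader, writer = IO.pipe
  pid = Process.fork do
    reader.close
    $stdin.reopen(File::NULL)                # snippet cannot read our stdin
    # Hard limits enforced by the kernel: `loop {}` dies with SIGXCPU, a
    # memory bomb fails to allocate, and neither can stall the app server.
    Process.setrlimit(:CPU, cpu_seconds)
    Process.setrlimit(:AS, mem_bytes)
    begin
      value = eval(code, TOPLEVEL_BINDING)   # the untrusted code runs here
      # Plain text over the pipe: Marshal.load of data written by an
      # untrusted child would hand it an object-deserialization attack.
      writer.write("ok\n#{value.inspect}")
    rescue SystemExit => e
      # A user calling exit (or the exit(128) idea from the thread) ends
      # only this child; the parent just sees the status code.
      writer.close
      exit!(e.status)
    rescue Exception => e
      # Everything else, including NoMemoryError from the AS limit,
      # becomes an :error report rather than a crash of the child.
      writer.write("error\n#{e.class}: #{e.message}")
    end
    writer.close
    exit!(0)                                 # exit! skips at_exit handlers
  end
  writer.close

  payload = nil
  status = nil
  begin
    Timeout.timeout(wall_seconds) do
      payload = reader.read(max_output) || ""  # EOF once the child is gone
      _pid, status = Process.waitpid2(pid)
    end
  rescue Timeout::Error
    # Wall-clock cap: covers sleep(), blocking I/O and anything else that
    # burns no CPU. Kill, reap, report.
    Process.kill('KILL', pid)
    Process.waitpid(pid)
    return { status: :timeout }
  ensure
    reader.close
  end

  tag, text = payload.split("\n", 2)
  case tag
  when 'ok'    then { status: :ok, value: text }
  when 'error' then { status: :error, message: text }
  else
    if status.signaled?
      { status: :signaled, signal: status.termsig }
    else
      { status: :exited, code: status.exitstatus }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  p run_sandboxed("[1, 2, 3].map { |x| x * 2 }")   # {:status=>:ok, :value=>"[2, 4, 6]"}
  p run_sandboxed("exit 128")                       # {:status=>:exited, :code=>128}
  p run_sandboxed("loop {}", cpu_seconds: 1, wall_seconds: 3)
end
```

The result is deliberately carried as a string rather than a Marshal dump, because the child is the untrusted side of the pipe and Marshal.load would let it hand the parent an arbitrary object graph. Note what this layer does not do: the child still has the server's uid, filesystem view and network; those have to come from the unprivileged account, chroot jail and VM described in the message, and a Liquid-style template language remains the option that avoids eval altogether.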