On Wed, Sep 03, 2008 at 05:41:31PM -0700, William Morgan wrote:

> Isn't that way harder than making MRI sandboxed? Look at what's out
> there now. On FreeBSD you have jail. On Linux you have chroot (the "poor
> man's jail") and a couple virtualization options, of which OpenVZ seems
> like the most active, but all of which require patching your kernel.
On Linux, I was considering Plash <http://plash.beasts.org> or a trimmed-down Subterfugue <http://subterfugue.org/>.

Another option is to take the route I took with Try Ruby. It starts with the full Ruby environment and then forks off interpreters which programmatically strip out all of their goodies and start up a mock filesystem in memory. I mean I wouldn't normally recommend this route, but I have to hand it to Try Ruby. It's managed to stay very memory- and CPU-efficient.

Pairing the freaky sandbox with Shoes sounds like a disaster. Ruby isn't threadsafe so all sandboxes would be running together in one process. I need some breathing room. I've been working on a fork of Shoes to break out the GUI into its own thread. That's a good start, but multiple Shoes apps running at once on OS X means all the scripts crowding the same process.

Anyway, no one should worry about my security plans affecting your current scripts. It's not like I'm trying to cut off all access to the filesystem or to sockets. I just want to be able to offer a way for people to run scripts in a safe environment, if they choose.

_why
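The fork-and-strip route described above, as an added Ruby illustration that is not _why's code nor anything from Shoes or Try Ruby: fork an interpreter, undefine the process-spawning and code-loading methods in the child, swap `File` for an in-memory mock, and read the result back over a pipe with a deadline. The lists of stripped names (`STRIPPED_CONSTANTS`, `STRIPPED_METHODS`) are an assumption chosen for illustration, not a complete sandbox policy.

```ruby
# Added illustration (not _why's or Shoes' code); the stripped lists are illustrative assumptions.
# In-memory stand-in for File, installed in the child once the real one is gone
class MockFS
  @store = {}
  def self.write(path, data); @store[path.to_s] = data.to_s; end
  def self.read(path); @store.fetch(path.to_s) { raise Errno::ENOENT, path.to_s }; end
end

STRIPPED_CONSTANTS = %i[File Dir IO Process].freeze
STRIPPED_METHODS   = [:system, :exec, :spawn, :fork, :"`", :open, :require, :load].freeze

# Runs only inside the forked child: remove the goodies, then mount the mock filesystem.
def strip_interpreter!
  STRIPPED_METHODS.each do |m|
    Kernel.singleton_class.send(:undef_method, m) if Kernel.singleton_class.method_defined?(m)
    Kernel.send(:undef_method, m) if Kernel.private_method_defined?(m) || Kernel.method_defined?(m)
  end
  STRIPPED_CONSTANTS.each { |c| Object.send(:remove_const, c) if Object.const_defined?(c) }
  Object.const_set(:File, MockFS)
end

# Parent side: fork a child, strip it, evaluate the untrusted code there, and read the
# inspected result (or an error line) back over a pipe; the child is killed past the deadline.
def run_sandboxed(code, timeout: 2)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    strip_interpreter!
    sandbox = Object.new.instance_eval { binding }   # fresh self, no locals from the parent
    begin
      writer.write(eval(code, sandbox).inspect)
    rescue Exception => e                            # also catches SystemExit from `exit`
      detail = (e.message rescue e.class.name)
      writer.write("error: #{e.class}: #{detail}")
    end
    writer.close
    exit!(0)
  end
  writer.close
  result = if IO.select([reader], nil, nil, timeout)
             reader.read
           else
             Process.kill('KILL', pid)
             'error: timed out'
           end
  Process.wait(pid)
  reader.close
  result
end
```

Everything removed by `strip_interpreter!` disappears only in the child process, so the parent keeps its full interpreter and can keep forking fresh sandboxes.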
