David Haley
Wizard


Group: Members
Posts: 6,874
Joined: Jun 30, 2007
|
#16 id:37044 Posted Nov 1, 2009, 7:47 pm
|
Tyche said: This can be mitigated by writing a monitor thread that kills scripts that exceed some time threshold.
Are there hooks into the number of instructions executed, or would that require writing C code to poke at the interpreter's internals? Instruction counts can sometimes be a better metric than time, at least if time is wall time and not CPU time.
|
|
|
Tyche
Wizard


Group: Members
Posts: 1,343
Joined: May 23, 2006
|
#17 id:37064 Posted Nov 2, 2009, 4:36 pm
|
David Haley said: Are there hooks into the number of instructions executed...
Not in any of the Ruby implementations I've used.
|
.........................  
For now we see through a glass, darkly; but then face to face: now I know in part; but then shall I know even as also I am known.
|
|
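The monitor thread quoted in post #16, sketched as an added example (not code from anyone in this thread). It enforces a wall-clock limit and also records per-thread CPU time, so the gap between the two metrics is visible: a script that only sleeps is killed without having used any CPU. `ScriptRun`, `cpu_now` and `run_with_watchdog` are hypothetical names, and the CPU figure assumes the platform provides `CLOCK_THREAD_CPUTIME_ID`.

```ruby
# Added example: wall-clock watchdog for script threads (hypothetical names).
ScriptRun = Struct.new(:status, :value, :wall, :cpu)

# Per-thread CPU clock where the platform has one, otherwise nil.
CPU_CLOCK = if Process.const_defined?(:CLOCK_THREAD_CPUTIME_ID)
              Process::CLOCK_THREAD_CPUTIME_ID
            end

def cpu_now
  CPU_CLOCK ? Process.clock_gettime(CPU_CLOCK) : 0.0
end

# Runs the block in its own thread and kills it if it is still alive after
# `limit` seconds of wall time. Reports wall and CPU seconds used.
def run_with_watchdog(limit)
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  worker = Thread.new do
    Thread.current.report_on_exception = false
    c0 = cpu_now
    begin
      Thread.current[:value] = yield
    ensure
      # Runs on normal exit, on an exception and on Thread#kill.
      Thread.current[:cpu] = cpu_now - c0
    end
  end
  status =
    begin
      if worker.join(limit)        # join returns nil when the limit expires
        :ok
      else
        worker.kill
        worker.join                # wait until the thread has unwound
        :killed
      end
    rescue StandardError, ScriptError
      :error                       # the script raised; join re-raised it here
    end
  wall = Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
  ScriptRun.new(status, worker[:value], wall, worker[:cpu])
end
```

Because `Thread#kill` still runs the script's own `ensure` blocks, the final `join` can itself stall if a script blocks there.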
Runter
Wizard


Group: Members
Posts: 1,850
Joined: Jun 1, 2006
|
#18 id:39723 Posted Dec 20, 2009, 7:21 am
|
This is a bit late, so I apologize if it isn't fresh any more. :)
Are all objects that are tainted exposed to any script?
Also, I don't really understand the part about needing to write code to examine exposed objects to make sure they are still okay. Typically what could be wrong with the objects? Perhaps just invalid data?
Edit:
Also with the code you posted, Tyche, I'm getting the security error at the first eval that was expected at the second.
Code (text):
obj.taint
sandbox do
  eval script
end
|
"in `eval': Insecure: can't modify instance variable (SecurityError)"
|
......................... CoralMud project
For once you have tasted flight Ruby you will walk the earth with your eyes turned skywards,
for there you have been and there you will long to return. --
Leonardo Da Vinci Yukihiro Matsumoto
Last edited Dec 20, 2009, 7:53 am by Runter
|
|
Runter
Wizard


Group: Members
Posts: 1,850
Joined: Jun 1, 2006
|
#19 id:39724 Posted Dec 20, 2009, 8:00 am
|
After a little testing I'm having trouble doing a large number of things I would expect to be able to do from inside of the sandbox. Is the answer to this actually lowering the safe level?
Actually, it seems like it doesn't matter if it's tainted or not. I get the same security results. Hrm.
I'm using 1.9.1 if it matters.
|
Last edited Dec 20, 2009, 8:19 am by Runter
|
|
Tyche
Wizard


Group: Members
Posts: 1,343
Joined: May 23, 2006
|
#20 id:39730 Posted Dec 20, 2009, 12:01 pm
|
Runter said:
Are all objects that are tainted exposed to any script?
Any object in the current binding context when eval is invoked, which would be global and local variables. At safe level 4, you can't use untainted objects or globals.
Runter said:
Also, I don't really understand the part about needing to write code to examine exposed objects to make sure they are still okay. Typically what could be wrong with the objects? Perhaps just invalid data?
It's possible their properties could be set by a script to unexpected/invalid data. So yes, any sanity checks on the object's properties need to be done on those that would matter. For example, if you allowed an object that holds data fed into a SQL engine in a property to be seen by a script, you ought to make sure to check/escape that data before untainting.
Runter said: I'm using 1.9.1 if it matters.
I'm using 1.8, so I'll bet it does matter. I'm not sure what changes they may have made to it.
|
|
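The sanity check described in post #20, as an added example that is not code from the thread: the script works on a copy of the exposed object, and the host accepts the result only if every property it relies on passes a rule. It is written without `taint`/`untaint`, which current Ruby no longer provides; `Room`, `ROOM_RULES` and `run_and_accept` are hypothetical names, and the block stands in for the sandboxed script.

```ruby
# Added example (hypothetical names): check what a script did to an exposed
# object before the host trusts that object again.
Room = Struct.new(:title, :capacity)

# One rule per property that the host later relies on, for instance a title
# that ends up in a SQL statement.
ROOM_RULES = {
  title:    ->(v) { v.is_a?(String) && v.match?(/\A[\w ,.-]{1,40}\z/) },
  capacity: ->(v) { v.is_a?(Integer) && (0..500).cover?(v) }
}.freeze

# Returns the names of the properties that fail their rule.
def violations(obj, rules)
  rules.reject { |prop, ok| ok.call(obj[prop]) }.keys
end

# Hands the script a copy and commits its changes only when every rule
# passes. Returns [] on success, otherwise the rejected property names.
def run_and_accept(room)
  draft = Room.new(room.title.dup, room.capacity)  # dup: in-place edits stay in the draft
  yield draft
  bad = violations(draft, ROOM_RULES)
  return bad unless bad.empty?
  room.title = draft.title
  room.capacity = draft.capacity
  []
end
```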
|
|
|
Runter
Wizard


Group: Members
Posts: 1,850
Joined: Jun 1, 2006
|
#22 id:39737 Posted Dec 20, 2009, 4:44 pm
|
Seems to me each thread of execution would be its own environment. Perhaps defining a function in a child thread would make it private?
|
|
|
Tyche
Wizard


Group: Members
Posts: 1,343
Joined: May 23, 2006
|
#23 id:39738 Posted Dec 20, 2009, 5:56 pm
|
David Haley said: It seems that Ruby sandboxing works on the basis of tainting only.
It's based on SAFE levels; those above 0 enable tainting and taint checking. SAFE levels implement cumulative execution environment restrictions as the level increases, some of which define the usage of tainted and untainted objects.
David Haley said: How do you set up a function environment in which you can run some "function" (be it a literal function, script, whatever) that works just like anything else, except that certain functions are not available?
Ruby is object oriented and everything is an object, so that functions cannot exist independent of objects. Taintedness only exists as a property of objects. So that's where you'd start with implementing something like "function" restrictions (i.e. objects that delegate or are composed of other objects that contain restricted or unrestricted functions).
|
|
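The delegation approach from post #23, as an added example that is not code from the thread: scripts are handed a facade that forwards only allowlisted methods to the real object. `Player`, `ScriptFacade` and `denied?` are hypothetical names; the facade narrows the interface a script sees and assumes the interpreter's own restrictions still keep the script away from reflection.

```ruby
# Added example (hypothetical names): an object that delegates only
# allowlisted calls to the real object.
class Player
  attr_reader :name
  attr_accessor :password_hash

  def initialize(name, password_hash)
    @name = name
    @password_hash = password_hash
  end

  def say(text)
    "#{@name} says: #{text}"
  end
end

# Scripts receive this instead of the Player. BasicObject has almost no
# methods of its own, so nearly every call lands in method_missing.
class ScriptFacade < BasicObject
  # instance_eval/instance_exec would hand out @target directly.
  undef_method :instance_eval, :instance_exec

  def initialize(target, allowed)
    @target = target
    @allowed = allowed.dup.freeze
  end

  def method_missing(name, *args, &block)
    unless @allowed.include?(name)
      ::Kernel.raise ::NoMethodError, "#{name} is not exposed to scripts"
    end
    @target.public_send(name, *args, &block)
  end
end

# True when calling the block raises NoMethodError.
def denied?
  yield
  false
rescue NoMethodError
  true
end
```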
|
Cratylus
Wizard


Group: Members
Posts: 1,477
Joined: May 22, 2006
|
#24 id:39741 Posted Dec 20, 2009, 9:11 pm
|
lol taint
|
|
|