sipsorcery

Reputation: 30699

Stop file access from Ruby

I have a server application that allows users to execute their own Ruby scripts. The server that the scripts run on is a virtual instance on Amazon's EC2, so no permanent damage can be done. However, I'd like to take whatever precautions I can to stop any dangerous/malicious script; reboots are still something I'd like to avoid.

At the moment I disallow any scripts that contain "require" or "include". I think it would actually be safe to allow "include"? There is no need for any users to access the server's file system, so if I disallow any occurrence of the string "file.", will that prevent users being able to access the server's file system?

Upvotes: 1

Views: 192

Answers (2)

tommym

Reputation: 2240

Disallowing occurrence of the string "file" will not help you at all. They still have eval, pack/unpack, Dir, ` and tons of other stuff.

YMMV, but this is what I would have done:

  • Run the Ruby process as an unprivileged user
  • in a jailed environment (i.e. chroot, FreeBSD jail or equivalent)
  • in a stripped environment (no suids, no other unnecessary files -- bare minimum is best)
  • with $SAFE >= 2
  • and with no write access to any files/folders

Probably still not secure, but it's a start.

EDIT: Might also be a good idea to set limits on system resource consumption using ulimit or equivalent.

Upvotes: 2
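An added example, not part of the answer above: one way to apply its "stripped environment" and `ulimit` points from Ruby itself, by starting each submitted script in a child process with an emptied environment and kernel-enforced resource limits. `run_limited` and its parameters are hypothetical names; dropping to an unprivileged user and the chroot/jail are assumed to be handled outside this snippet, and `$SAFE` is not used because it no longer has any effect from Ruby 3.0 on.

```ruby
require "rbconfig"
require "timeout"
require "tmpdir"

# run_limited is a hypothetical helper, not code from the thread. It runs
# untrusted Ruby source in a child process under kernel-enforced limits.
def run_limited(source, cpu_seconds: 1, wall_seconds: 5, max_output: 64 * 1024)
  Dir.mktmpdir("untrusted") do |dir|
    path = File.join(dir, "script.rb")
    File.write(path, source)
    reader, writer = IO.pipe
    pid = Process.spawn(
      { "PATH" => "/usr/bin:/bin" },          # the only variable the child sees
      RbConfig.ruby, "--disable-gems", path,
      unsetenv_others: true,                  # drop the server's environment
      chdir: dir,                             # start in an empty scratch directory
      in: File::NULL, out: writer, err: writer,
      pgroup: true,                           # own process group, killable as a whole
      rlimit_cpu: cpu_seconds,                # like ulimit -t
      rlimit_fsize: 0,                        # like ulimit -f 0: no file may grow
      rlimit_nofile: 32                       # like ulimit -n
    )
    writer.close
    # Read at most max_output bytes so a chatty script cannot exhaust memory.
    output = Thread.new { reader.read(max_output).to_s }
    timed_out = false
    begin
      _, status = Timeout.timeout(wall_seconds) { Process.wait2(pid) }
    rescue Timeout::Error
      timed_out = true                        # sleeping or blocked, not burning CPU
    end
    begin
      Process.kill("-KILL", pid)              # kill whatever is left in the group
    rescue Errno::ESRCH
      # the group is already gone
    end
    _, status = Process.wait2(pid) if timed_out
    { output: output.value, ok: status.success? == true,
      signaled: status.signaled?, timed_out: timed_out }
  ensure
    reader&.close
  end
end
```

The limits are enforced by the kernel on the child, so they hold no matter which Ruby construct the script uses to reach the file system or burn CPU.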

Jonas Elfström

Reputation: 31428

Sounds like you are in for a guessing game. Wouldn't it be easier to run the scripts as a user with very low privileges? Or you could take a look at how TryRuby solved similar problems.

Seems there are several options for sandboxing Ruby but I haven't used any of them so I can't hand out recommendations.

Upvotes: 1
