user314362
Reputation: 1235
Disallow ENV and ENV_JAVA in JRuby
Is it possible to disallow the use of ENV and ENV_JAVA in JRuby? I allow user supplied ruby code to run in servers, and I believe allowing them to use ENV and ENV_JAVA is not a very good idea.
I was able to disallow the use of System.get/setProperty() using Java's Security Manager, but I haven't had much success in this case.
Thanks in advance!
Upvotes: 1
Views: 302
Answers (1)
Nick Sieger
Reputation: 3315
This should do the trick:
class Object
remove_const :ENV
remove_const :ENV_JAVA
end
Upvotes: 3
Related Questions
- java System.getenv environment names starting with "="
- JRuby DSL encapsulation, exclude standard library
- Is it possible to limit allowed JRuby commands in a Java application?
- Run java with highest security setting
- Is it possible to stop Ruby scripts from importing Java in JRuby?
- RVM, JRuby setting specific java environment
- How to disable calls to certain Java packages from Jython
- security issue running jruby on tomcat6
- Java Security Manager for JRuby
- SAFE levels in JRuby