views: 97
answers: 2

I want to let users write small custom apps (think themes or plugins on Wordpress) and upload/run them on my site.

I'm thinking about using Sinatra apps for this since it would give the users a lot of flexibility, and then running them as middleware inside my rails app.

But I can't figure out the security implications of this. I tried creating a simple sinatra app as middleware, and it has access to all the rails models and everything - so that is bad. Is there a way for rack to keep these separate so that the sinatra apps are effectively sandboxed and can't do any bad things (outside of an API or some specific way I set up for them to communicate)?

There may be an easier way to accomplish this that I haven't thought of too, so ideas welcome. Thanks!

+1  A: 

How well do you know/trust your users? I hope the answer contains words such as "extremely" and "intimately". How easily could you reach them with something sharp and painful if they mess up?

I can't think of a simple way (heck, I can't think of a complicated one) to allow upload and installation of such things. Even with Wordpress, I don't think they allow any random plugin to be installed/run on the WP-hosted site - the risks of even well-meaning code causing problems just seem immense to my paranoid mind.

Sinatra would certainly give flexibility, but that may not be a Good Thing, as you've already identified.

Of course, if your users are Ruby/Sinatra literate (or able to become acceptably so) then you could give them a repository (git, svn or whatever) for their apps and deploy them into the appropriate place in Rack either ad hoc or on some schedule.

Thinking on the hoof, and without any notion of feasibility, if the functions that can safely be made available are relatively limited, you might consider looking at writing some sort of constrained DSL for them to utilise. If the scripts thus produced were short/efficient enough, perhaps they could be stored within the app's database and executed via eval?

Mike Woodhouse
How would `eval` help with the security implications?
Jonas Elfström
@Jonas: probably no security help at all - I was trying to think of a way to allow any kind of plug-in without deployment. I suppose one could wrap some sort of sandbox environment around the script before `eval`ling it. I didn't say I *liked* the idea, but with a highly trusted set of users it *might* work... ;-)
Mike Woodhouse
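One way to make the "constrained DSL" idea from this answer concrete without the `eval` it ends with. This is an added example, not code from the thread or from any of its participants: the script format (one whitelisted command per line), the `PluginSandbox` class and its command set are all assumptions chosen for illustration. The point is that the plugin text is interpreted, never evaluated as Ruby, so a script has no path to the host's models, constants or `Kernel` methods no matter what it contains; the only host state it can touch is its own variable hash.

```ruby
# Interpreted (not eval'd) plugin DSL. Added example for the thread above;
# the command set and limits are assumptions, not from the original post.
#
# Script format, one command per line, '#' starts a comment:
#   set <var> <text...>      store text in a plugin-private variable
#   append <var> <text...>   append text to a variable
#   upcase <var>             upper-case a variable in place
#   get <var>                emit a variable's value
#   echo <text...>           emit literal text
class PluginSandbox
  class Error < StandardError; end

  COMMANDS    = %w[set append upcase get echo].freeze
  MAX_STEPS   = 50   # bound on work per run, so a script can't spin forever
  MAX_VAL_LEN = 256  # bound on stored/emitted string size

  def initialize
    @vars   = {}   # the plugin's only state; it holds plain strings, never host objects
    @output = []
  end

  # Interpret +script+ and return the lines it emitted. Unknown commands,
  # missing arguments, oversized values and runaway scripts raise Error.
  def run(script)
    steps = 0
    script.each_line do |raw|
      line = raw.strip
      next if line.empty? || line.start_with?("#")
      steps += 1
      raise Error, "step limit (#{MAX_STEPS}) exceeded" if steps > MAX_STEPS
      cmd, *args = line.split(/\s+/)
      # Whitelist check: arbitrary Ruby such as "User.delete_all" is just an
      # unknown command here, because nothing is ever passed to eval.
      raise Error, "unknown command: #{cmd.inspect}" unless COMMANDS.include?(cmd)
      execute(cmd, args)
    end
    @output.dup
  end

  private

  def execute(cmd, args)
    case cmd
    when "set"    then @vars[arg(args, 0)] = bounded(args.drop(1).join(" "))
    when "append" then @vars[arg(args, 0)] = bounded(@vars.fetch(arg(args, 0), "") + args.drop(1).join(" "))
    when "upcase" then @vars[arg(args, 0)] = @vars.fetch(arg(args, 0), "").upcase
    when "get"    then @output << @vars.fetch(arg(args, 0), "")
    when "echo"   then @output << bounded(args.join(" "))
    end
  end

  def arg(args, i)
    args[i] or raise Error, "missing argument for command"
  end

  def bounded(str)
    raise Error, "value exceeds #{MAX_VAL_LEN} chars" if str.length > MAX_VAL_LEN
    str
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample plugin script for the demo.
  script = <<~DSL
    # greet the user
    set greeting hello world
    upcase greeting
    get greeting
    echo done
  DSL
  puts PluginSandbox.new.run(script)   # HELLO WORLD / done

  begin
    PluginSandbox.new.run("User.delete_all")
  rescue PluginSandbox::Error => e
    puts "rejected: #{e.message}"       # rejected: unknown command: "User.delete_all"
  end
end
```

Scripts like these can be stored as text in the app's database and run per request, as the answer suggests, while the host decides exactly which capabilities exist by adding cases to `execute`. Whatever you expose there (say, a read-only query helper) is the whole attack surface, which is much easier to review than an `eval` call wrapped in a sandbox.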
+1  A: 

Maybe a look at TryRuby / The Freaky Sandbox or one of the other Ruby sandboxes could take you somewhere.

Jonas Elfström
Thanks Jonas, this is great info.
Brian Armstrong
Actually, upon further review this doesn't appear to be maintained anymore. Really a shame - Ruby doesn't appear to have any good sandboxing options right now that I've been able to find.
Brian Armstrong
And $SAFE=4 doesn't seem to have a great reputation.
http://ruby-doc.org/docs/ProgrammingRuby/html/taint.html
http://blog.segment7.net/articles/2006/08/30/reducing-safe
http://coderrr.wordpress.com/2009/02/21/ridiculous-ruby-meta-programming-hack/
Jonas Elfström