tags:

views:

397

answers:

6

I've found that there WAS a sandbox gem (created by the guys that made try ruby in your browser but it was compatible only with Ruby 1.8. Another problem is that I cannot find it anymore (it seems they stop serving the gem from the servers...).

So, is there any secure way of running ruby in a sandbox (so you can run it from your browser)? Or an easy way to run (for example lua/python) in a sandbox (no filesystem access, no creation of objects etc) and be called from Ruby (Rails 2.2)?

I want to make an application like try_ruby even without having a ruby underneath. But it has to be an easy language (I saw there was a prolog in ruby, even a lisp but I don't think they are easy to learn languages...).

So, do you have any suggestions or tips? Or should I just start creating my own DSL in Ruby (if there is a solution in creating a somewhat safe system)?

Thx

+1  A: 

I came across This article on hackety.org(dead link) this morning. Maybe it can serve you as a guide into the right direction

krusty.ar
+1  A: 

You should try embedding JRuby in the browser.

http://ruby-in-browser.googlecode.com/svn/trunk/evalruby/index.html

A: 

Another way is like codepad.org does it (VM isolation and checking the calls)

Jon Romero
A: 

The guy who wrote the original gem disappeared, Keyser Söze style: http://www.rubyinside.com/why-the-lucky-stiff-is-missing-2278.html

I've read that the JRuby gem is more current or maintained, but I've found it buggy so far. Here are some setup instructions: http://flouri.sh/2009/4/4/how-to-set-up-the-jruby-sandbox

Overall, it looks like Ruby is lacking a solid implementation of this right now :(

Brian Armstrong
A: 

I am developing an implementation of a sandbox for ruby based on a modification of the ruby interpreter written in C, I have released recently a functional version of the gem that is called shikashi,

the web project page: the rdoc documentation:

Sorry, the spam protection don't allow me to send hyperlinks, search the gem "shikashi" in github

rseminara
hi i am trying to use your gem in rails project. i am getting this weird undefined method 'shadow' on enumerable.this is when access association proxy methods
Subba Rao
A: 

I am not sure if you want to run any language in a sandbox. But I found that JavaScript has been running as a sandbox language for a long time. The ruby racer project lets you embed the v8 engine in ruby. Hope that helps.

Vagmi Mudumbai