Sandboxing eval'd code



I'm working on a web app with complicated and ever-changing business
rules.

On any given day, a new rule may need to be introduced - quickly.
There's not enough commonality between them to factor out and just make
configuration changes. So the developers are always adding and
modifying, which of course makes reliability and testing difficult.

I thought of the following solution: New business rules can be coded in
Ruby and serialized into the database, along with configuration options
as to when they apply. (The rules look at a bunch of things and return
either continue or abort - so making hooks for them is easy. They
should never modify *anything* - just return a value.)
The app will load them and run them in a sandbox, catching all
exceptions and also timing them out if they fail to return.
Developers can add/modify these rules easily, without touching the core
app, and, should one have a bug, although it may give the wrong result,
it won't bring the rest of the system down.

One concern I have is that I know that eval'd code can modify class
definitions, and access other objects via ObjectSpace. Is there any way
to eval code so that it can't change Classes and the like? A true
Sandbox.

I'm not familiar enough with $SAFE to know what it can do (although
I've heard it is not reliable). http://tryruby.hobix.com/ probably
does this, but source doesn't seem available.
http://approximity.com/cgi-bin/rubybuch_wiki/wpage.rb?nd=214 looks
relevant, but I can't figure it out.

In general, comments about this greatly appreciated.
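
The design described in the post, as an added example that is not part of the original post: each rule is evaluated in a forked child process, so an exception, a hang, or a reopened class stays in the child and never reaches the app. `run_rule`, `RULE_VERDICTS`, `TAMPER_RULE` and `Order` are hypothetical names and the rules are constructed samples; the sketch assumes a platform with `fork`, and fork isolates in-memory state only (the child keeps the parent's file and network access).

```ruby
# Added example, not code from the post. All names here are hypothetical.
RULE_VERDICTS = { "continue" => :continue, "abort" => :abort }.freeze

class Order                       # stand-in for an application class
  attr_reader :total
  def initialize(total)
    @total = total
  end
end

# Constructed rule that misbehaves: it reopens Order before answering.
TAMPER_RULE = "Order.class_eval { define_method(:total) { 0 } }; " \
              "Order.new(5).total.zero? ? :abort : :continue"

# Evaluates rule source in a child process and returns :continue, :abort,
# :error (exception, bad return value, no answer) or :timeout.
def run_rule(source, ctx, limit: 2)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    verdict = begin
      scope = Object.new.instance_eval { binding }
      scope.local_variable_set(:ctx, ctx)   # read-only input for the rule
      scope.eval(source).to_s
    rescue Exception                        # also SyntaxError and SystemExit
      "error"
    end
    writer.write(verdict)
    exit!(0)                                # skip at_exit hooks set by the rule
  end
  writer.close
  # Wait for the verdict without trusting the child to ever finish.
  return :timeout unless IO.select([reader], nil, nil, limit)
  raw = reader.read_nonblock(16, exception: false)
  RULE_VERDICTS.fetch(raw.to_s, :error)     # anything unexpected is :error
ensure
  reader.close if reader
  if pid
    Process.kill("KILL", pid) rescue nil    # child may already have exited
    Process.wait(pid)                       # reap it either way
  end
end

if __FILE__ == $PROGRAM_NAME
  p run_rule(TAMPER_RULE, {})               # the rule sees its own patched class
  p Order.new(5).total                      # the parent's Order is unchanged
end
```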
