Sandboxing and untrusted code
8 views
Skip to first unread message
retro
Jun 27, 2010, 7:16:55 AM6/27/10
to Johnson
Is it possible to run untrusted code inside of Johnson. I've removed
Ruby object (Ruby = null) inside of context, but It seems that you can
eval ruby code through RubyLandProxy object. You can replicate this by
running:
js = Johnson::Runtime.new()
js[:proxy] = {:key => 'value'}
js[:Ruby] = nil
js.evaluate('Ruby = null;')
js.evaluate(%Q(proxy.eval("puts 'hello from ruby'")))
I would like to use Johnson, as it fits my needs, but this seems to be
pretty big issue. Is there any way to prevent this from happening?
Ruby object (Ruby = null) inside of context, but It seems that you can
eval ruby code through RubyLandProxy object. You can replicate this by
running:
js = Johnson::Runtime.new()
js[:proxy] = {:key => 'value'}
js[:Ruby] = nil
js.evaluate('Ruby = null;')
js.evaluate(%Q(proxy.eval("puts 'hello from ruby'")))
I would like to use Johnson, as it fits my needs, but this seems to be
pretty big issue. Is there any way to prevent this from happening?
Steven Parkes
Jul 4, 2010, 8:06:23 PM7/4/10
to johnso...@googlegroups.com
> Is it possible to run untrusted code inside of Johnson
Sandboxing would be nice, but I for one really don't know if it's possible. It would take time just to try to detect/plug holes, and I'm not sure there wouldn't be show stoppers.
As to your eval example, you'd either have to have no Ruby objects reachable from the untrusted JS, or, perhaps, make sure they were very restricted a la blank_slate. So restricted, in fact, I wonder if they'd be useful at all ...
Making no Ruby objects available via JS would mean no calling back from JS to Ruby, only the other way around ...
Reply all
Reply to author
Forward
0 new messages