foss.in/2012

Bangalore, 29th November to 1st December 2012

When

29th November to 1st December 2012 10:00 am - 08:30 pm

Website: foss.in/2012

Where

NIMHANS Convention Center
Marigowda Road
Near Dairy Circle
Bangalore, India


November 30, 2012, 11:00 am

Sandboxing untrusted code in a Ruby App


Sometimes you want to run untrusted code on your server. Our experiments with sandboxing started with the creation of a CI service called Goldberg PRO, and then continued on with Ruby Monk [1], which needed to prevent users from performing potentially dangerous operations in code they submitted via the website.

Here we discuss various system-level, language-level, and application-level techniques that we tried (and that we plan to try in the future) to ensure that the user does not bring down the entire system. Some techniques we plan to speak about include LXC (Linux Containers), chroots, Ruby's SAFE levels, kernel-level limitations, SELinux and ptrace.

Some of our learnings are published in the form of the open source Ruby gem - secure [2].

[1] http://RubyMonk.com
[2] https://github.com/c42/secure

Hall: Hall 2 [220]
Track: Development Tools and Languages
Type: Talk

Speaker: