Bangalore , 29th November to 1st December 2012


29th November to 1st December 2012 10:00 am - 08:30 pm



NIMHANS Convention Center
Marigowda Road
Near Dairy Circle
Bangalore, India
See map

Subscribe & Share

November 30, 2012, 11:00 am

Sandboxing untrusted code in a Ruby App


Sometime you want to run untrusted code on your server. Our expirements with sandboxing started with the creation of a CI Service called Goldberg PRO, and then continued on with Ruby Monk [1], which needed to prevent users from performing potentially dangerous operations in code they submitted via the website.

Here we discuss various system level, language level, and application level techniques that we tried (and we plan to try in the future) to ensure that the user does not bring down the entire system. Some techniques we plan to speak about include LXC (Linux Containers), Chroots, Ruby's SAFE levels, Kernel level limitations, SELinux and PTrace.

Some of our learnings are published in the form of the Open Source ruby gem - secure [2]


Hall: Hall 2 [220] Track: Development Tools and Languages Type: Talk