secure 0.6.1 → 1.0.0

Files changed (3)
  1. data/README.md +73 -0
  2. data/lib/secure/version.rb +1 -1
  3. metadata +7 -6
@@ -0,0 +1,73 @@
1
+ Secure is the ruby sandboxing gem that powers http://rubymonk.com
2
+
3
+ Copyright (c) Tejas Dinkar and C42 Engineering
4
+
5
+ How To Install:
6
+ ===============
7
+ $ gem install secure
8
+
9
+ or add the following to your Gemfile
10
+
11
+ gem 'secure'
12
+
13
+ API Documentation:
14
+ ==================
15
+ ```ruby
16
+ Secure.ly do
17
+ File.read("some file")
18
+ end
19
+ ```
20
+
21
+ You can pass options to tweak what security checks are put in place. If the option is not there, then the security check is not put in place by default
22
+
23
+ ```ruby
24
+ Secure.ly
25
+ :timeout => 0.15
26
+ :limit_memory => 10000000
27
+ :limit_cpu => 2
28
+ :pipe_stdout => File.open("foo", "w") do
29
+ # Some secure operation here
30
+ end
31
+ ```
32
+
33
+ Options:
34
+ ========
35
+ * :timeout => Guard thread that monitors the child process. If this elapses, this raises a Secure::TimeoutError
36
+ * :limit_memory => This is an absolute value of how much memory your block can take in bytes. Remember, absolute. I'll be getting relative support in soon
37
+ * :limit_cpu => This is the limit of how many cpu-seconds your process can use. MUST be an integer. This should be used as a fallback in case :timeout is not honored
38
+ * :run_before => A block, or array of blocks that is run before your code is sandboxed. Be careful. Remember how lambdas are bound in ruby. Refer to this for more details: http://blog.sidu.in/2007/11/ruby-blocks-gotchas.html
39
+ * :pipe_stdin, :pipe_stdout, :pipe_stderr => A File to pipe the stdin, out ond stderr to
40
+
41
+ Errors:
42
+ =======
43
+ * Secure::TimeoutError => This is thrown if the :timeout limit is reached. The stack trace will be whatever line of code the app was running at the time
44
+ * Secure::ChildKilledError => This is thrown if one of the kernel level checks cause the child to die. The stack trace for this exception will be junk
45
+ * SecurityError => This is thrown if ruby tries to execute some code which is not allowed. The stack trace will help you figure out what was in violation
46
+ * Any other Error will be thrown as if it had happened in the parent process. We do our best to preserve the stack trace.
47
+
48
+ How Does it work:
49
+ =================
50
+
51
+ * Secure runs your ruby code in SAFE mode 3, which prevents evaluation of tainted strings and opening of new files.
52
+ * It also puts in kernel level RLIMIT checks, to make sure that your ruby process behaves itself
53
+ * It also spawns a monitoring thread, to make sure the thread doesn't take too long
54
+ * Secure runs in a new process, so people can screw up the Ruby tree as much as they like :-)
55
+
56
+ Known Issues:
57
+ =============
58
+ * :limit_memory does not work on OSX (at least whatever version I use), but it does work on linux
59
+ * :pipe_stdout is not tested because of some rspec weirdness
60
+ * A block bound before $SAFE is set sees the old safe value. Refer to this for some clue about the reason why this happens: http://blog.sidu.in/2007/11/ruby-blocks-gotchas.html
61
+ * Stdout cannot be piped to a StringIO. You need to open a unix PIPE. There are two reasons for this. The code runs in a child process, so you need to use and IPC mechanism, and a string IO is not recognized as a file at the C level
62
+
63
+ Soon:
64
+ =====
65
+ * Getting rid of SAFE level 3, and moving everything into the kernel space. cgroups sounds hopeful here. As does more rlimit stuff
66
+
67
+ Performance:
68
+ ============
69
+ RubyMonk is backed by an code evaluation server that uses secure gem in the backend. A single small (EC2) instance was able to consistently handle 150 code evaluation requests per minute, and we were able to horizontally scale when load went above this. YMMV
70
+
71
+ Contributing:
72
+ =============
73
+ Feel free to file bugs. However, if it is a security issue, we appreciate it if you shoot me a mail at tejas@c42.in before you file a bug.
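Review bot: The options example at README lines 24-28 will not parse as one call: each option sits on its own line after `Secure.ly` with no separating commas or line continuation. Suggest writing it as `Secure.ly :timeout => 0.15, :limit_memory => 10000000, :limit_cpu => 2, :pipe_stdout => File.open("foo", "w") do`. Because line 21 says a check is only applied when its option is passed, the first example (lines 16-18) runs without :timeout, :limit_memory or :limit_cpu; say so next to that example, or show the limits there, so readers do not copy the unlimited form as the default usage. Small typos to fix while here: "ond" on line 39, "and IPC" on line 61, "an code evaluation" on line 69.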
@@ -1,3 +1,3 @@
1
1
  module Secure
2
- VERSION = "0.6.1"
2
+ VERSION = "1.0.0"
3
3
  end
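Review bot: The bump to "1.0.0" on line 2 comes with no library code change in this diff (the only files listed are README.md, version.rb and metadata), while the README added in the same release lists :limit_memory as not working on OSX and :pipe_stdout as untested. Consider adding a changelog entry that states what 1.0.0 guarantees, or resolving those Known Issues before declaring a stable release.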
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 1.0.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2011-10-08 00:00:00.000000000Z
12
+ date: 2011-10-26 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec
16
- requirement: &70252604126500 !ruby/object:Gem::Requirement
16
+ requirement: &70153208867340 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ~>
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: '2.6'
22
22
  type: :development
23
23
  prerelease: false
24
- version_requirements: *70252604126500
24
+ version_requirements: *70153208867340
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: rake
27
- requirement: &70252604125960 !ruby/object:Gem::Requirement
27
+ requirement: &70153208866920 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
32
32
  version: '0'
33
33
  type: :development
34
34
  prerelease: false
35
- version_requirements: *70252604125960
35
+ version_requirements: *70153208866920
36
36
  description: see summary
37
37
  email:
38
38
  - tejas@gja.in
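Review bot: The gemspec email on line 38, tejas@gja.in, differs from the security contact given in the new README (tejas@c42.in); use one address, or state in the README which one is for vulnerability reports, so reporters know where to send them. `description: see summary` on line 36 is also a placeholder; the first line of the README would serve as a real description.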
@@ -42,6 +42,7 @@ extra_rdoc_files: []
42
42
  files:
43
43
  - .gitignore
44
44
  - Gemfile
45
+ - README.md
45
46
  - Rakefile
46
47
  - lib/secure.rb
47
48
  - lib/secure/child_process.rb