[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Restricting file access in Ruby

John Allen

12/28/2004 5:30:00 AM

Hey, I don't know if this is a subject that's been beat to death or not as
I'm new to the group, but I wanted to ask whether anyone's extended Ruby to
allow scripts to (dis)allow access to files based on some sort of user
defined mechanism.

I'm writing an application that will allow individual users to write (and
execute) their own Ruby scripts within a confined subtree of my filesystem,
and I want to basically add checks to any function that accesses files,
whether through the File class, or the Dir class, or whatever. The users
in my system are not all trusted equally, and I want to grant varying
degrees of privilege to each. I also want to restrict access to sockets
and other I/O mechanisms, but that's easier to do since all I have to do is
not make the library available.

I've been reading through the code in the ruby-1.8.2 source tree, and I'm
learning how it's all tied together. I guess my question is where to put
my checks. Also, I feel funny even suggesting this because it seems to go
against everything I've read about Ruby making things less complicated and
bloated.

Anyway, flames or comments are appreciated.

-John
3 Answers

Florian Gross

12/28/2004 4:41:00 PM

0

John Allen wrote:

> Hey, I don't know if this is a subject that's been beat to death or not as
> I'm new to the group, but I wanted to ask whether anyone's extended Ruby to
> allow scripts to (dis)allow access to files based on some sort of user
> defined mechanism.
>
> [...]
>
> I've been reading through the code in the ruby-1.8.2 source tree, and I'm
> learning how it's all tied together. I guess my question is where to put
> my checks. Also, I feel funny even suggesting this because it seems to go
> against everything I've read about Ruby making things less complicated and
> bloated.

I'd suggest using $SAFE and having a custom interface for doing IO that
goes through your special privilege checks. But you might be right in
that patching Ruby for this would make security breaches less likely.

Andreas Schwarz

12/30/2004 5:16:00 PM

0

John Allen wrote:
> Hey, I don't know if this is a subject that's been beat to death or not as
> I'm new to the group, but I wanted to ask whether anyone's extended Ruby to
> allow scripts to (dis)allow access to files based on some sort of user
> defined mechanism.

This is what users and permissions on OS level are good for; I think it
will be _very_ hard to implement it in ruby.

Zach Dennis

12/30/2004 6:02:00 PM

0

Andreas Schwarz wrote:
> John Allen wrote:
>
>> Hey, I don't know if this is a subject that's been beat to death or
>> not as
>> I'm new to the group, but I wanted to ask whether anyone's extended
>> Ruby to
>> allow scripts to (dis)allow access to files based on some sort of user
>> defined mechanism.
>
>
> This is what users and permissions on OS level are good for; I think it
> will be _very_ hard to implement it in ruby.

I concur with Andreas, this isn't necessarily the job for ruby to be
doing, nor your scripts. It adds unnecessarily complexities to a problem
ruby shouldn't be solving anyways. Let your OS do this. It will save you
from headache.

Zach