Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Ruby > Dia 1.1 released!

Reply
Thread Tools

Dia 1.1 released!

 
 
Robert Gleeson
Guest
Posts: n/a
 
      02-16-2010
Hey

For anyone on OSX who has a few minutes to spare you might "Dia" a fun
project to play around with.

It can run a Ruby block or an OSX Application under a sandbox with five
different profiles that affect the restrictions of the sandbox.

Here is a quick example:


require 'rubygems'
require 'dia'
require 'open-uri'

Dia::SandBox.new(Dia:rofiles::NO_INTERNET).run_w ith_block do
open(URI.parse('http://www.google.com')).read # Exception raised.
end

If anyone is curious, it use's the features exposed in the C header file
"sandbox.h" on OSX to create a sandbox ..

I released 1.1 today .

http://gemcutter.org/gems/dia
http://github.com/robgleeson/dia


</spam>

Cheers,
Rob
--
Posted via http://www.ruby-forum.com/.

 
Reply With Quote
 
 
 
 
Daniel Berger
Guest
Posts: n/a
 
      02-16-2010


On Feb 16, 7:24=A0am, Robert Gleeson <(E-Mail Removed)> wrote:
> Hey
>
> For anyone on OSX who has a few minutes to spare you might "Dia" a fun
> project to play around with.
>
> It can run a Ruby block or an OSX Application under a sandbox with five
> different profiles that affect the restrictions of the sandbox.
>
> Here is a quick example:
>
> require 'rubygems'
> require 'dia'
> require 'open-uri'
>
> Dia::SandBox.new(Dia:rofiles::NO_INTERNET).run_w ith_block do
> =A0 open(URI.parse('http://www.google.com')).read# Exception raised.
> end
>
> If anyone is curious, it use's the features exposed in the C header file
> "sandbox.h" on OSX to create a sandbox ..
>
> I released 1.1 today .
>
> http://gemcutter.org/gems/diahttp://...robgleeson/dia


Looks interesting. I'm curious about the name, though. When I think of
"Dia" I first think of this:

http://projects.gnome.org/dia/

Regards,

Dan

 
Reply With Quote
 
 
 
 
Robert Gleeson
Guest
Posts: n/a
 
      02-16-2010
Dan --

Thanks for the reply .. I think this project has been mentioned to me
before but I took the name "Dia" from the Gaelic language. It translates
to "God".

Thanks,
Rob

--
Posted via http://www.ruby-forum.com/.

 
Reply With Quote
 
Robert Gleeson
Guest
Posts: n/a
 
      02-23-2010
I'm just leaving an update:

Dia 1.3 was released a few days ago, and introduces some convenience
methods like Dia::Sandbox#terminate and Dia::Sandbox#alive? . Also
included in this release are API changes that add some
consistency(whether you are running a block or an application in a
sandbox, both are supplied to the constructer and initiated with
Dia::Sandbox#run)

Documentation: http://www.flowof.info/dia

Rob ,
http://blog.flowof.info
--
Posted via http://www.ruby-forum.com/.

 
Reply With Quote
 
Josh Cheek
Guest
Posts: n/a
 
      02-23-2010
[Note: parts of this message were removed to make it a legal post.]

On Tue, Feb 23, 2010 at 5:19 AM, Robert Gleeson <(E-Mail Removed)> wrote:

> I'm just leaving an update:
>
> Dia 1.3 was released a few days ago, and introduces some convenience
> methods like Dia::Sandbox#terminate and Dia::Sandbox#alive? . Also
> included in this release are API changes that add some
> consistency(whether you are running a block or an application in a
> sandbox, both are supplied to the constructer and initiated with
> Dia::Sandbox#run)
>
> Documentation: http://www.flowof.info/dia
>
> Rob ,
> http://blog.flowof.info
> --
> Posted via http://www.ruby-forum.com/.
>
>

Hi, Robert, I've been wanting to do a Rails project for my ACM group at
school that includes functionality similar to codepad.org and javabat.com,
where code is submitted by the user and executed on the server. Of course,
there are huge security risks with this, that I don't currently have the
knowledge to address. Would Dia be able to handle situations like this (at
least for Ruby)?

In particular, I want to take user submitted code and
1) execute it, evaluate the output
2) run some predesigned set of unit tests / specs against it, and report the
success/failures

I feel like this could be a very effective learning tool, but like I said,
security has been a big hurdle.

-Josh

 
Reply With Quote
 
Robert Gleeson
Guest
Posts: n/a
 
      02-23-2010
Josh --

Thanks for the interest!
Dia works on the operating system level by using features exposed by the
Mac OSX header "sandbox.h" .. The most restrictive profile you can use
is Dia:rofiles::NO_OS_SERVICES, and this disallows all operating
system services.

If you were to setup a sandbox like you were talking about, I'd suggest
this profile.

You won't be able to:

* Read from the filesystem
* Write to the filesystem
* Access the internet
* Do any kind of socket based communication
* fork()

.. And the restrictions go on, I've probably missed a few.

I'll leave you with an example to give you some ideas:

sandbox = Dia::Sandbox(Dia:rofiles::NO_OS_SERVICES) do
open(URI.parse('http://www.google.com')).read
end

# Child process is spawned.
# Ruby block is executed.
# An attempt to access the internet encountered, and a subclass of
SystemCallError(Errno::EPERM) raised.
sandbox.run

If you have any question, please ask.

Thanks,
Rob



--
Posted via http://www.ruby-forum.com/.

 
Reply With Quote
 
Robert Gleeson
Guest
Posts: n/a
 
      02-23-2010

Typo fix:

> sandbox = Dia::Sandbox.new(Dia:rofiles::NO_OS_SERVICES) do
> open(URI.parse('http://www.google.com')).read
> end
>



--
Posted via http://www.ruby-forum.com/.

 
Reply With Quote
 
Robert Gleeson
Guest
Posts: n/a
 
      02-23-2010
Another mistake I made, this is the exception that actually gets raised
with the following code:

"could not lookup DNS configuration info service: Permission denied
/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/net/http.rb:560:in
`initialize': getaddrinfo: nodename nor servname provided, or not known
(hope:flowof.info robertgleeson$ SocketError)"


you will need to require 'open-uri' and 'net/http' _before_ you call
Dia::Sandbox#run because require() will also fail under this sandbox.

--
Posted via http://www.ruby-forum.com/.

 
Reply With Quote
 
Josh Cheek
Guest
Posts: n/a
 
      02-23-2010
[Note: parts of this message were removed to make it a legal post.]

Thanks for the feedback, Robert. I won't be able to play with it for a bit
because of work, school, and a business project I'm engaged in, but this
idea has been flirting with me for over a year, and I've been on the lookout
for a tool like this to make it possible I'll definitely sit down and
play with it (aka see if it can stop my subversity, lol)

I'm really excited about this, thank you for making it available ^_^

(lol, I have 6 minutes before I have to leave for school, and I'm looking at
the clock debating whether I can install and try some of the examples from
the github page within that time)

 
Reply With Quote
 
Robert Gleeson
Guest
Posts: n/a
 
      02-24-2010
Josh --

Let me know how it goes If you need any help you can get back to me
here, or on IRC (irc.freenode.net / "robgleeson")

Since a child process is spawned by DIa::Sandbox#run, and you want to
capture a return value from your block i'd suggest using IO.pipe if you
haven't thought of that already.

Thanks,
Rob
--
Posted via http://www.ruby-forum.com/.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I generate dia diagrams from python source code? Qauzzix Python 3 07-27-2009 08:51 AM
buen dia aruam_mas@hotmail.com Computer Support 0 09-01-2007 01:21 AM
Problems with dia-up Fred J Computer Support 1 11-21-2004 03:32 AM



Advertisments