hoodwink.d enhanced


Handing Out IRB Like It's Sardines #

by why in inspect

I’m sort of obsessed with getting people into a Ruby prompt without any installation. The new sandbox_server kicks huge in that direction.

sandbox_server, a balloon:

Serve Ruby sessions over a socket.

This won’t work so well with 1.8.4, so you’ll probably want the latest ruby_1_8 from CVS. It sorta works under 1.8.4 until you have multiple connections and the threads kick in.

Anyway, run the balloon. Then, in another window, you’ll telnet to localhost:5000. Each socket is given its own session. Just hit ENTER and you’ll be given a session id and your IRB session will start.

 Connected to localhost.
 Escape character is '^]'.
 >> ticket = [12, 47, 35]
 => [12, 47, 35]
 >> ticket.object_id
 => 71618820
 >> ^]

So, the session id is that 20-character string that gets spewed. Let’s open another session and be sure the ticket variable isn’t showing up in the other session.

 Connected to localhost.
 Escape character is '^]'.
 >> ticket
 => nil
 >> ticket.object_id
 => nil

The nil means an exception was thrown. I’m still trying to figure out how to actually catch exceptions which get thrown from the sandbox. You see, rescue won’t catch sandboxed exceptions because they don’t actually descend from Ruby’s normal classes. (However, the stack frames are intact.)

So, to log back into your session. Use LOGIN [SESSID] instead of just hitting ENTER.

 Connected to localhost.
 Escape character is '^]'.
 LOGIN BwDG7bniEo5l44UumTig
 >> ticket
 => [12, 47, 35]

The best part is: since this is just a plain socket connection with a very braindead protocol, you can easily write scripts for the shell or wrap it in SSH or put up CGIs which interface with this.

Oh, cool: and you can have multiple peoples logged into the same session at once. Pass the dutchie.

said on 26 Jul 2006 at 15:06

Seems like the only way to catch a snadbox’d exception is to stick out a C-shot foot as it goes past: namely rb_rescue. At that point you can wrap it up in a SandboxError or something for interception by the regular authorities.

said on 26 Jul 2006 at 15:08

Oh, wait. rb_rescue only catches felons descended from Ma StandardError, doesn’t it? Man, that’s a bind.

said on 26 Jul 2006 at 15:36

Ok, since all this standard class stuff isn’t sacred anyway, could you temporarily have an rb_cObject->super just for the duration of your rb_rescue2?

Of course that still hasn’t solved the potential problem of non-Object-derived classes, if you let someone use a C extension permitting that from within a sandbox.

said on 26 Jul 2006 at 15:40

Anyway, definitely do wrap escaping exceptions in a SandboxError or something. That’s how you make that stuff livable.

said on 26 Jul 2006 at 15:47

Don’t worry, I’ll be able to catch it. Then I’ll reassign the parentage of the exception and re-raise. Because rb_cModule is set okay when rb_rescue gets called inside the freaky snadbox.

C extensions should be fine unless they’re holding onto an rb_cObject reference from before the sandbox started. I don’t know why anyone would do that, but I’m sure there are cases. I don’t care much about those cases, though. If the symbol tables start to mix, at least the namespaces are clean.

said on 26 Jul 2006 at 17:38

This is why I love having why’s SVN repo RSS on my google homepage, I can kinda guess what’s going to happen. It’s like a spider-sense.

said on 26 Jul 2006 at 22:07


Where’s the Why I know and love? Where’s the cool meta programming guru emanations that give new meaning to the rest of us with our sorry and meaningless lives!

Rat-holing on sandboxs and IRB prompts from the cloud? AHHHHHHHHHHHHHHHHHHHHHHHH !

Please Why, please, come back to us!!!!!!

said on 26 Jul 2006 at 22:15

Please forgive me oh metafoo mushroom master. I have blasphemed!

Your infinite wisdom will soon surely enlighten us to the path of sandbox nirvana.

(self flagellates with a barbed whip)

said on 26 Jul 2006 at 22:23

In other words, dance monkey, dance.

It’s not a sandbox, but a secluded beach. Like a nudist beach, where only the people on the beach can see the tawdry code.

And just you wait. After further inspection (and introspection) it will be found that every grain of sand is in fact its own beach.

said on 27 Jul 2006 at 12:45

FlashHater, url to svn rss goodness?? :)

said on 29 Jul 2006 at 23:58


said on 01 Aug 2006 at 05:10

nil: Here it is.


11 Jul 2010 at 21:33

* do fancy stuff in your comment.