Rumbles

Activity Graph

Page 1 of 1

2015-12-08

[09:11:15] Rumbles: has joined #ruby
[09:11:15] Rumbles: has joined #RubyOnRails
[13:50:50] Rumbles: Ping timeout: 272 seconds

2015-12-07

[08:55:32] Rumbles: has joined #ruby
[08:55:32] Rumbles: has joined #RubyOnRails
[13:25:17] Rumbles: Ping timeout: 246 seconds
[13:27:47] Rumbles: has joined #ruby
[13:27:47] Rumbles: has joined #RubyOnRails
[17:37:55] Rumbles: Ping timeout: 260 seconds
[22:21:51] Rumbles: has joined #ruby
[22:21:51] Rumbles: has joined #RubyOnRails
[22:29:20] Rumbles: Ping timeout: 272 seconds

2015-12-06

[01:02:03] Rumbles: has joined #ruby
[02:35:59] Rumbles: Ping timeout: 245 seconds
[02:48:50] Rumbles: has joined #ruby
[02:54:31] Rumbles: has joined #RubyOnRails
[02:56:19] Rumbles: hi, can anyone advise how to run a rails console in a sandbox which restricts the user from accessing system commands? http://superuser.com/questions/1009250/forcing-a-user-on-login-in-to-a-rails-console-and-prevent-them-access-system-co
[03:02:44] Rumbles: Ping timeout: 246 seconds
[09:51:36] Rumbles: has joined #RubyOnRails
[09:51:37] Rumbles: has joined #ruby
[10:31:34] Rumbles: can anyone suggest how I would sandbox a rails process, so that a user can connect to a machine and have access to a rails console, but no system commands? I've posted in detail here: http://serverfault.com/questions/741073/forcing-a-user-on-remote-connection-in-to-a-rails-console-and-prevent-them-acc
[10:54:15] Rumbles: that's not something I have heard of before FailBit
[10:56:17] Rumbles: are you referring to this FailBit ? https://github.com/github/hoosegow
[11:23:58] Rumbles: Ping timeout: 260 seconds

2015-12-05

[01:15:19] Rumbles: Ping timeout: 260 seconds
[08:11:44] Rumbles: has joined #ruby
[08:15:27] Rumbles: can anyone answer my question on how to restrict a user to a ruby console on a rmeote connection? http://superuser.com/questions/1009250/forcing-a-user-in-to-a-ruby-console-which-cannot-run-any-system-commands
[08:28:04] Rumbles: Ping timeout: 245 seconds
[09:20:50] Rumbles: has joined #ruby
[09:44:38] Rumbles: Ping timeout: 246 seconds
[18:40:25] Rumbles: has joined #ruby
[19:05:59] Rumbles: Ping timeout: 245 seconds

2015-12-04

[15:59:02] Rumbles: has joined #ruby
[15:59:48] Rumbles: hi, is there any way to stop a user in a ruby console from running system commands?
[16:03:04] Rumbles: ACTION goes back to google
[16:03:14] Rumbles: thanks Ox0dea
[16:04:17] Rumbles: so that would just be rails c --sandbox ??
[16:12:38] Rumbles: Ox0dea, so what I'm trying to is to allow a user to ssh on to a box, and if the session comes from a certain key, it just runs this script: http://fpaste.org/297464/ This puts them in the ruby console in a particular environment. The idea is to allow a dev on to a machine to check if things are working
[16:13:05] Rumbles: I showed my boss and he was able to run commands like `rm -rf *` or `bash` and break out in to a bash console
[16:13:08] Rumbles: which I want to stop
[16:13:21] Rumbles: even with the --snadbox flag set it still allows me to do this...
[16:13:47] Rumbles: is what I'm attempting even possible?
[16:14:04] Rumbles: not sure what you mean by outside of Ruby :/
[16:19:09] Rumbles: okay, tha's great, can you tell me how? I'm trying to search for how to sandbox, but all my googleing has returned so far is to run the ruby c with --sandbox
[16:19:15] Rumbles: but that allowed me to run `bash` still
[16:33:14] Rumbles: sorry, I'm just trying to fix something, one min
[16:38:42] Rumbles: havenwood, I am familiar with the concept of chroot jails, I have used them in the past with sftp setup, but I don't know how I would do that when running the the ruby console
[16:40:02] Rumbles: sure, but I'm not sure how I would sandbox the ruby console :\
[16:40:30] Rumbles: my google searches only returned the --sandbox flag and that didn't stop me from being able to run system commands
[16:40:48] Rumbles: so clearly I'm missing your point :)
[17:26:44] Rumbles: Ping timeout: 246 seconds
[18:06:57] Rumbles: has joined #ruby
[18:24:49] Rumbles: Quit: Leaving
[18:25:02] Rumbles: has joined #ruby
[18:27:06] Rumbles: hello again...
[18:27:31] Rumbles: so, I'm still trying to figure out how to load a ruby console without giving the user access to the bash env
[18:28:06] Rumbles: I'm wondering can I run a chroot command as the first command run in the ruby console when it loads?
[18:28:49] Rumbles: since, I don't know which folder I want to chroot to until the user has selected it as part of the bash script
[18:33:19] Rumbles: so, my technique was to have the command listed in the authorized_keys fileas explained here: http://fpaste.org/297515/
[18:33:33] Rumbles: that allows the script to run if someone logs in with that key and nothing else
[18:34:15] Rumbles: but I want to chroot the user after the console is started, is there a way to run the chroot in that script? or would I have to rethink my approach?
[18:35:20] Rumbles: thanks I'll have a look drbrain
[18:38:59] Rumbles: thanks drbrain but I don't think that's workable
[18:39:32] Rumbles: I would have to copy everyhting the user needs to run ruby console before I start in to the app_root each time the user wants to go in
[18:39:42] Rumbles: and I don't know where the user is going to work until they have made a selection
[18:41:37] Rumbles: well, in dev where I am testing our server has a load of apps, in prod that wouldn't normally be an issue
[18:42:16] Rumbles: do you have to be root to run something like Dir.chroot("/var/chroot/mychroot") in ruby ?
[18:43:54] Rumbles: okay, this probably isn't workable as I don't want to run this as root
[18:48:31] Rumbles: thanks Ox0dea I'll have a read
[19:09:33] Rumbles: damn, that's a shame, that looked promising Ox0dea but required linux => 3.8, and I'm going to have to do this on ubuntu 14.04 machines running kernel 3.19 :(
[19:12:49] Rumbles: ACTION googles
[19:20:29] Rumbles: Ping timeout: 246 seconds
[19:34:50] Rumbles: has joined #ruby
[19:46:19] Rumbles: Ping timeout: 260 seconds
[22:18:20] Rumbles: has joined #ruby