DRAGON CITY
Ruby Programming Language
The Ruby Security Enigma
Can a scripting language like Ruby be executed in a secure manner?
After setting the RubyRun problem on the ruby-talk web site, I was pleased to receive a number of 'attacks' in which different techniques were used to crack the system. All 'snuck in' through the very small crack (chink of light) between the decryption of the Ruby program and the calling of ruby to run that program, using standard Linux/Unix techniques and commands. To my knowledge nobody actually bothered to crack the encrypted file itself.
However, with useful user input I am now pondering another way to make Ruby secure. One respondent suggested I really don't want security - I want protection! - a subtle difference, but he is correct. All I'm trying to achieve is a way to ensure that casual users of a delivered system cannot change the Ruby source code and render your users' files open to corruption (an internal, malicious user attack).
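The "protection" goal above is tamper detection rather than secrecy, and it can be met without encrypting anything. The following is an added example, not the author's RubyRun code: a launcher that refuses to run a script whose SHA-256 digest no longer matches a pinned value. The helper names and the sample script are hypothetical, and it assumes the launcher and the pinned digest are installed where the casual user cannot write (for example, root-owned files).

```ruby
require "digest"
require "tmpdir"

# Raised when a script fails the pre-launch integrity check.
class TamperError < StandardError; end

# Hypothetical helper (not part of RubyRun): returns the script source only
# if the file is not group/world writable and its SHA-256 matches the pin.
def verified_source(path, pinned_hex)
  if (File.stat(path).mode & 0o022) != 0
    raise TamperError, "#{path} is writable by group or others"
  end
  source = File.binread(path)
  # The digest is public, so a plain comparison is sufficient here.
  unless Digest::SHA256.hexdigest(source) == pinned_hex
    raise TamperError, "#{path} does not match its pinned digest"
  end
  source
end

# Evaluates the bytes that were hashed, not a second read of the file, so a
# change made between check and run cannot slip in.
def run_verified(path, pinned_hex)
  eval(verified_source(path, pinned_hex), TOPLEVEL_BINDING, path)
end

# True when the launcher refuses to run the script.
def blocked?(path, pinned_hex)
  run_verified(path, pinned_hex)
  false
rescue TamperError
  true
end

# Constructed demo: pin a sample script, run it, then tamper with it.
def demo
  Dir.mktmpdir do |dir|
    script = File.join(dir, "sample.rb") # constructed sample file
    File.write(script, "40 + 2\n")
    File.chmod(0o644, script)
    pinned = Digest::SHA256.file(script).hexdigest # would ship in a read-only manifest
    result = { ran: run_verified(script, pinned) }
    File.write(script, "0\n") # simulated edit by a casual user
    result[:edit_blocked] = blocked?(script, pinned)
    File.write(script, "40 + 2\n") # content restored, permissions loosened
    File.chmod(0o666, script)
    result[:writable_blocked] = blocked?(script, pinned)
    result
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The check only holds against users who cannot replace the launcher or the pinned digest, which is why file ownership matters more here than the hash itself.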
The Rubyrun Challenge
I was pondering over this apparent security hole in running scripts in general and Ruby in particular while developing an Email Spam filtering tool - Spam-B-Gone for myself (a program similar to MailWasher on MS Windows). There are obvious security holes in any program that accesses the internet as these programs must have information about the ISP mail address, your ISP user name and, worse, your ISP password! This is especially problematic for scripted languages as the actual source code must be available for execution.
After some research, I think I have created a technique where a Ruby .rb (source) file can be encrypted, and is thus secure, with a driver program (rubyrun) used to decrypt and execute the program.
So download and untar the tar.gz and see if you can actually get hold of the ruby.rb source code! (I want you to break the system!)
$ tar -xzvf addflds.tar.gz
To run the program:
$ rubyrun addflds.rbx
Download me! addflds.tar.gz (approx 65000 bytes) [Linux only]
-- the file contains addflds.rbx, runruby & aes.so (encryption library), & requires FXRuby/FOX to be installed. It was tested under Debian 3.0 and Mandrake 9.2. (It will not execute under MS Windows!)
Ruby GUI Creation
I have created two separate tools to aid in the generation of Ruby/FXRuby forms: QT2FXRuby, which translates a form defined using the QT form composer tool, and RubyFXGen, a tool that generates forms from a simple form definition language (FFDL).
QT2FXRuby
While ferreting around for info, I also discovered that there was no IDE (Interactive Development Environment) a la Delphi / V Basic to easily build Ruby GUI interface forms. Therefore, I developed a Ruby program to convert / translate QT3 GUI-designed forms into a running FXRuby program.
So crank up your QT Designer, which must be at least version 3.0, as there were major changes to the QT Form .UI file format at this release & QT2FXRuby cannot process previous formats.
After designing your form, save it, and run QT2FXRuby to convert it into FXRuby! You do not have to insert any C++ code into the QT3 form, which is the normal QT3 development process, as it will be ignored anyway!
The generated program of your .UI file is a complete FXRuby program which will display a FOX form of the same layout as the original QT3 form, ready for your additional Ruby code to complete the program development process. No QT runtime code is used in the converted program. Only the QT3 Designer is used to design the form.
Notice that this program, QT2FXRuby, does work, but it is my first Ruby program, is still under development, and does not handle all the available QT widgets that you may drop onto your form. So expect failures!!
And please make any modifications you require.
Download my article on developing FXRuby forms: Building_a_form_with_FXRuby.pdf (pdf, approx 230 Kbytes)
Download QT2FXRuby program(s): visit www.rubyforge.org
RubyFXGen
After some experience with using qt2fxruby (see above), I decided to take another approach to the problem of creating GUI Forms.
Most developers are used to using an IDE (Integrated Development Environment), where there is a close relationship between the development language and the GUI toolkit. There are some developments in this approach for Ruby. Check www.rubyforge.org.
However, I decided to take another approach by creating FFDL (Fox Form Definition Language). This language allows you to describe the layout of frames, widgets, comboboxes, etc., without needing to physically place these components onto the form itself. The FOX Layout Managers will automatically place the components. A side benefit of FFDL is that the end user may resize the displayed form and all components are resized, unlike the X/Y coordinate system used in qt2fxruby which inhibits such resizing.
The generated program is a complete Ruby .rb file and may be edited.
Visit the www.rubyforge.org site to find the latest version of RubyFXGen.
There is a complete user guide in .ps format included there.
Spam-B-Gone
Since starting development work under Linux, I was missing the excellent Email processing program "Mail Washer" for MS Windows. So I developed one for Linux using Ruby/FXRuby.
Spam-B-Gone offers the user a table layout showing incoming email header information. The user can select those emails that they wish to delete on the ISP computer. Unwanted mail never makes it onto your computer!
Spam-B-Gone does not (yet) use any filtering software; it's a purely visual experience.
Although I successfully completed Spam-B-Gone in Ruby, I decided not to release it, but have released a Smalltalk version instead (see Smalltalk in the previous form).
Contact me via email dragoncity@impulse.net.au
Brett S Hallett