Hijacking syscalls with (m)ruby

by Franck Verrot

In "Hijacking System Calls with (m)ruby," Franck Verrot discusses the innovative approach of integrating Ruby into various applications through the use of mruby. The presentation highlights mruby's capability to allow developers to embed Ruby code within programs written in other languages, enabling the hijacking of system calls, which can significantly enhance functionality.

Key points discussed in the presentation include:
- Introduction to Franck Verrot: A French software engineer based in California, passionate about embedding Ruby in applications.
- Background and Interest in Ruby: Franck's interest in embedding Ruby began in 2014 with PostgreSQL's foreign data wrapper, leading to the development of Holycorn, a product allowing Ruby code to back tables in PostgreSQL.
- Experiments with Other Databases: He replicated this concept with SQLite and is currently experimenting with Redis, which supports loadable modules for extending functionality.
- Future Directions: Franck aims to explore distributing computations across a network of mruby processes in his upcoming work.
- Understanding System Calls: System calls serve as the interface between programs and the operating system, facilitating requests for services. For instance, file operations in a Ruby script rely on underlying system calls.
- Practical Illustration: Franck explains how to identify open files linked to processes and the system calls used in these interactions, underscoring the practical implications of system call hijacking.

The presentation emphasizes how hijacking system calls can be a powerful technique for leveraging Ruby's capabilities in various programming environments, paving the way for innovative applications. The audience is left with an understanding of the intersection between Ruby and system-level programming, and the potential for future exploration in this area.
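As an added example (not code from the talk), the Ruby script below reproduces the lsof observation from the practical illustration: it opens a file for writing, then reads its own descriptor table from /proc to report the file descriptor and access mode. It assumes Linux with /proc mounted; `open_files`, `demo` and the scratch file name are hypothetical names chosen here.

```ruby
# Added example: list a process's open file descriptors, the data lsof reports.
# Assumes Linux with /proc mounted; the scratch file name is constructed.
require 'tmpdir'

# Low two bits of the open flags: O_RDONLY, O_WRONLY, O_RDWR (lsof's r/w/u letters).
ACCESS_MODES = { 0 => 'r', 1 => 'w', 2 => 'u' }.freeze

# Returns [{fd:, mode:, target:}, ...] for the given pid (default: this process).
def open_files(pid = 'self')
  Dir.children("/proc/#{pid}/fd").filter_map do |name|
    begin
      target = File.readlink("/proc/#{pid}/fd/#{name}")
      info = File.read("/proc/#{pid}/fdinfo/#{name}")
    rescue SystemCallError
      next # descriptor was closed between listing and inspection
    end
    flags = info[/^flags:\s+(\d+)/, 1].to_s.to_i(8) # the kernel prints flags in octal
    { fd: name.to_i, mode: ACCESS_MODES.fetch(flags & 3, '?'), target: target }
  end.sort_by { |e| e[:fd] }
end

# Opens a scratch file for writing and returns its entry in the descriptor table.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'demo.txt')
    File.open(path, 'w') do |f| # ends up as an open(2)/openat(2) call with O_WRONLY
      f.write('hello')          # buffered in Ruby, reaches the kernel through write(2)
      f.flush
      entry = open_files.find { |e| e[:fd] == f.fileno }
      return entry.merge(path: File.realpath(path))
    end
  end
end

if $PROGRAM_NAME == __FILE__
  open_files.each { |e| puts format('%3d%s  %s', e[:fd], e[:mode], e[:target]) }
  p demo
end
```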

00:00:00 Hi everyone! My name is Franck, and the title of this presentation is "Hijacking System Calls with Ruby."
00:00:05 To start this presentation, a few words about me: I'm French and currently living in Walnut Creek, California. I've been here for a year and I work for a company called Another Health, located in San Francisco.
00:00:17 Last year, I gave a talk and mentioned that my Japanese skills were embarrassing. I think they're even worse this year. I'm not sure how that happened, but it did! One of my passions is embedding Ruby in various applications.
00:00:29 This interest began in 2014 when I discovered that PostgreSQL had a foreign data wrapper, which enables you to expose a table in Postgres where the data is generated by a Ruby script. For example, I presented this idea last year.
00:00:42 I built a product called Holycorn, which provides access to tables backed by Ruby. You create a class in Ruby and can iterate over that class using an enumerator. Then, you can create a foreign table in Postgres and provide the source code, allowing you to select data that is generated by Ruby code.
00:00:59 In 2015, I replicated this success with SQLite, and while it is still a prototype, it works! This year, I've attempted the same concept with Redis, which features a loadable module system. This system allows for extending Redis functionalities with custom code.
00:01:21 Next year, I plan to experiment further with mruby, focusing on distributing computations across a network of mruby processes. I will likely document my findings in a blog post in a few months.
00:01:36 Now, back to this presentation: What are we going to learn? We will explore what system calls are, why hijacking system calls can be useful, how to integrate with mruby, and considerations around performance.
00:01:43 According to the documentation, a system call is a request made by an active process to the kernel for services performed by the operating system. In simpler terms, system calls are the interface between your programs and the operating system.
00:01:56 For instance, if you have a Ruby script that opens a file and writes to it, the libraries being used under the hood wrap the system calls, which directly communicate with the operating system.
00:02:10 Let's consider a simple example where you open a file and perform some operations. If you hit Ctrl+Z, you can get the process ID, and then use the command 'lsof' to see all open files linked to that process. You'll find a list that includes the system call used to open the file.
00:02:29 At the end of that list, you'll see information about the opened file, including the file descriptor, indicating how it was opened (e.g., for writing).