How safe is $SAFE=4?

Morris_Chris · 5 June 2002 12:27

[shoujoai@lina safe]$ cat myeval.rb
def safeEval(expr)
result = nil
Thread::start {
$SAFE = 4
result = eval expr
}.join
result
end

loop {
print 'Enter expression: ’
expr = gets
break if !expr
puts safeEval(expr)
}
[shoujoai@lina safe]$ ruby myeval.rb
Enter expression: 1+1
2

Huh - I tweaked the above to check expr.tainted? and it is true when it’s
evaled – according to http://www.rubycentral.com/book/taint.html at $SAFE

= 1, tainted strings cannot be evaled. Why does this script work, eval-ing
1+1?

Chris

ts1 · 5 June 2002 12:33

Huh - I tweaked the above to check expr.tainted? and it is true when it's
evaled -- according to http://www.rubycentral.com/book/taint.html at
$SAFE >> = 1, tainted strings cannot be evaled. Why does this script
work, eval-ing 1+1?

Try it with $SAFE = 3

#eval is safe at level 4

Guy Decoux

Topic		Replies	Views
How safe is $SAFE=4? ruby-talk	1	149	5 June 2002
How safe is $SAFE=4? ruby-talk	1	117	4 June 2002
Eval, SAFE, and Sandbox ruby-talk	5	119	25 May 2010
Accessing binding in eval with $SAFE=4 ruby-talk	0	104	15 February 2008
Security riddle with $SAFE and untainted strings ruby-talk	0	131	23 August 2005

How safe is $SAFE=4?

Related Topics