How safe is $SAFE=4?


(Morris, Chris) #1

[shoujoai@lina safe]$ cat myeval.rb
def safeEval(expr)
  result = nil
  Thread::start {
    $SAFE = 4
    result = eval expr
  }.join
  result
end

loop {
  print 'Enter expression: '
  expr = gets
  break if !expr
  puts safeEval(expr)
}
[shoujoai@lina safe]$ ruby myeval.rb
Enter expression: 1+1
2

Huh - I tweaked the above to check expr.tainted? and it is true when it's
evaled – according to http://www.rubycentral.com/book/taint.html at $SAFE
= 1, tainted strings cannot be evaled. Why does this script work, eval-ing
1+1?

Chris


(ts) #2

> Huh - I tweaked the above to check expr.tainted? and it is true when it's
> evaled -- according to http://www.rubycentral.com/book/taint.html at
> $SAFE = 1, tainted strings cannot be evaled. Why does this script
> work, eval-ing 1+1?

Try it with $SAFE = 3

#eval is safe at level 4

Guy Decoux
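The taint check that level 4 skips is the only thing standing between the user's input and the interpreter in myeval.rb, and later Ruby releases dropped level 4 (2.1) and then $SAFE and taint altogether (3.0), so the script has no sandbox at all on a current interpreter. As an added example that is not code from this thread, here is the same read-eval loop with `eval expr` replaced by a whitelisting parser for integer arithmetic (assumed to be all the script needs); `tokenize`, `ExprParser` and `safe_eval` are names chosen here, and anything outside the grammar is rejected before it reaches an interpreter rather than after.

```ruby
TOKEN_RE = /\A\s*(?:(\d+)|([-+*\/()]))/

# Split the input into Integer and operator tokens; reject everything else,
# so nothing outside the grammar below ever reaches an interpreter.
def tokenize(expr)
  tokens = []
  until expr.strip.empty?
    m = TOKEN_RE.match(expr) or raise ArgumentError, "bad input near #{expr.strip[0, 10].inspect}"
    tokens << (m[1] ? m[1].to_i : m[2])
    expr = m.post_match
  end
  tokens
end

# Recursive-descent parser with Ruby's precedence for these operators:
#   expr -> term (('+'|'-') term)*   term -> factor (('*'|'/') factor)*
#   factor -> '-' factor | '(' expr ')' | Integer
class ExprParser
  def initialize(tokens)
    @t, @i = tokens, 0
  end
  def parse
    v = expr
    @i < @t.size ? raise(ArgumentError, "trailing tokens after expression") : v
  end
  def peek; @t[@i]; end
  def take; @i += 1; @t[@i - 1]; end
  def expr
    v = term
    v = (take == "+" ? v + term : v - term) while ["+", "-"].include?(peek)
    v
  end
  def term
    v = factor
    v = (take == "*" ? v * factor : v / factor) while ["*", "/"].include?(peek)
    v
  end
  def factor
    tok = take
    case tok
    when Integer then tok
    when "-" then -factor
    when "(" then v = expr; raise ArgumentError, "missing ')'" unless take == ")"; v
    else raise ArgumentError, "unexpected token #{tok.inspect}"
    end
  end
end

# Drop-in replacement for safeEval in the script above (hypothetical name).
def safe_eval(expr)
  ExprParser.new(tokenize(expr)).parse
end
```

Integer division and overflow behave as they would under `eval` (`-7/2` gives -4, `1/0` raises ZeroDivisionError); the difference is that `system('id')` or a method call never gets parsed at all.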