[shoujoai@lina safe]$ cat myeval.rb
def safeEval(expr)
  result = nil
  Thread::start {
    $SAFE = 4
    result = eval expr
  }.join
  result
end

loop {
  print 'Enter expression: '
  expr = gets
  break if !expr
  puts safeEval(expr)
}
[shoujoai@lina safe]$ ruby myeval.rb
Enter expression: 1+1
2
Huh - I tweaked the above to check expr.tainted? and it is true when it’s
evaled – according to http://www.rubycentral.com/book/taint.html at $SAFE
= 1, tainted strings cannot be evaled. Why does this script work, eval-ing
1+1?
Chris