How safe is $SAFE=4?


(Morris, Chris) #1

Huh - I tweaked the above to check expr.tainted? and it is true when it's evaled – according to http://www.rubycentral.com/book/taint.html at $SAFE >= 1, tainted strings cannot be evaled. Why does this script work, eval-ing 1+1?

Try it with $SAFE = 3

#eval is safe at level 4

Ahhhhhhhh… I’ve been assuming the SAFE levels were cumulative. Thx for the
clarification.

Chris


(ts) #2

Ahhhhhhhh... I've been assuming the SAFE levels were cumulative. Thx for the
clarification.

They are cumulative for 1 .. 3. For example, for #eval you can't use it with a tainted string with 1 <= $SAFE <= 3.

For $SAFE >= 4, ruby just checks that it has a String, because at this level ruby can't do anything dangerous when it executes the nodes.

Guy Decoux