How safe is $SAFE=4?

Morris_Chris · 5 June 2002 12:43

Huh - I tweaked the above to check expr.tainted? and it is
true when it’s
evaled – according to
http://www.rubycentral.com/book/taint.html at
$SAFE >> = 1, tainted strings cannot be evaled. Why does
this script
work, eval-ing 1+1?

Try it with $SAFE = 3

#eval is safe at level 4

Ahhhhhhhh… I’ve been assuming the SAFE levels were cumulative. Thx for the
clarification.

Chris

ts1 · 5 June 2002 12:52

Ahhhhhhhh... I've been assuming the SAFE levels were cumulative. Thx for the
clarification.

There are cumulative for 1 .. 3. For example, for #eval you can't use it
with a tainted string with 1 <= $SAFE <= 3

For $SAFE >= 4, ruby just check that it has a String because at this level
ruby can't do something dangerous when it execute the nodes

Guy Decoux

Topic		Replies	Views
How safe is $SAFE=4? ruby-talk	1	141	5 June 2002
How safe is $SAFE=4? ruby-talk	1	112	4 June 2002
Security riddle with $SAFE and untainted strings ruby-talk	0	127	23 August 2005
How safe is $SAFE=4? ruby-talk	1	134	4 June 2002
Eval, SAFE, and Sandbox ruby-talk	5	115	25 May 2010

How safe is $SAFE=4?

Related Topics