I’ve set up new version of Ruby from CVS and my programs failed to work.
ruby refuses to require standard libraries. Whats wrong?
Here is IRB snapshot:
irb(main):001:0> VERSION
=> "1.8.0"
irb(main):002:0> RELEASE_DATE
=> "2003-06-06"
irb(main):003:0> $SAFE = 1
=> 1
irb(main):004:0> require 'base64’
SecurityError: Insecure operation - eval
from /usr/local/lib/ruby/1.8/irb/workspace.rb:81:in eval' from /usr/local/lib/ruby/1.8/irb/workspace.rb:81:inevaluate’
from /usr/local/lib/ruby/1.8/irb/context.rb:197:in evaluate' from /usr/local/lib/ruby/1.8/irb.rb:148:ineval_input’
from /usr/local/lib/ruby/1.8/irb.rb:146:in signal_status' from /usr/local/lib/ruby/1.8/irb.rb:146:ineval_input’
from /usr/local/lib/ruby/1.8/irb.rb:144:in each_top_level_statement' from /usr/local/lib/ruby/1.8/irb/ruby-lex.rb:219:inloop’
from /usr/local/lib/ruby/1.8/irb/ruby-lex.rb:247:in each_top_level_statement' from /usr/local/lib/ruby/1.8/irb/ruby-lex.rb:218:incatch’
from /usr/local/lib/ruby/1.8/irb/ruby-lex.rb:218:in each_top_level_statement' from /usr/local/lib/ruby/1.8/irb.rb:144:ineval_input’
from /usr/local/lib/ruby/1.8/irb.rb:70:in start' from /usr/local/lib/ruby/1.8/irb.rb:69:incatch’
from /usr/local/lib/ruby/1.8/irb.rb:69:in `start’
from /usr/local/bin/irb:13
Maybe IRB bug!!
In message “requiring standard libs with save level 1” on 03/06/09, Eugene Scripnik Eugene.Scripnik@itgrp.net writes:
I’ve set up new version of Ruby from CVS and my programs failed to work.
ruby refuses to require standard libraries. Whats wrong?
Here is IRB snapshot:
irb does not work well with $SAFE >= 1. This is known bug/feature.
I’ve set up new version of Ruby from CVS and my programs failed to work.
ruby refuses to require standard libraries. Whats wrong?
Here is IRB snapshot:
irb does not work well with $SAFE >= 1. This is known bug/feature.
I don’t think this is irb bug/feature. I used IRB just for example. Now
loot at this script:
(hoaz)~/proj>cat test.rb
#!/usr/local/bin/ruby
puts VERSION
puts RELEASE_DATE
$SAFE = 1
require ‘digest/md5’
(hoaz)~/proj>ruby test.rb
1.8.0
2003-06-06
test.rb:7: warning: Insecure world writable dir
/usr/local/lib/ruby/site_ruby/1.8, mode 040777
test.rb:7:in `require’: loading from unsafe path
/usr/local/lib/ruby/site_ruby/1.8:/usr/local/lib/ruby/site_ruby/1.8/i386-freebsd4.7:/usr/local/lib/ruby/site_ruby:/usr/local/lib/ruby/1.8:/usr/local/lib/ruby/1.8/i386-freebsd4.7:.
(SecurityError)
from test.rb:7
···
In message “requiring standard libs with save level 1” > on 03/06/09, Eugene Scripnik Eugene.Scripnik@itgrp.net writes:
test.rb:7: warning: Insecure world writable dir
/usr/local/lib/ruby/site_ruby/1.8, mode 040777
^^^
This is not normal, and ruby is right when it give the error
First of all I didn’t see this warning in irb and mod_ruby.
Another point is why ruby creates directories with this permitions
during install and then warns (and even aborts) when I execute my scripts.
I’ve fixed permitions by hand and all works fine, but this is wrong. Why
should I do this job instead of installer?
First of all I didn't see this warning in irb and mod_ruby.
Another point is why ruby creates directories with this permitions
during install and then warns (and even aborts) when I execute my scripts.
I've fixed permitions by hand and all works fine, but this is wrong. Why
should I do this job instead of installer?
What is your version of ruby ?
An old version of 1.8.0 had this problem (for me, it's a bug and I've
signaled the problem on ruby-core) and I think that it was corrected.
First of all I didn’t see this warning in irb and mod_ruby.
Another point is why ruby creates directories with this permitions
during install and then warns (and even aborts) when I execute my scripts.
I’ve fixed permitions by hand and all works fine, but this is wrong. Why
should I do this job instead of installer?
What is your version of ruby ?
An old version of 1.8.0 had this problem (for me, it’s a bug and I’ve
signaled the problem on ruby-core) and I think that it was corrected.
(hoaz)~>ruby -v
ruby 1.8.0 (2003-06-06) [i386-freebsd4.7]
svg% ls -l /home/ts/local/r18
total 12
drwxr-xr-x 2 ts ts 4096 Jun 10 14:16 bin/
drwxr-xr-x 3 ts ts 4096 Jun 10 14:16 lib/
drwxr-xr-x 3 ts ts 4096 Jun 10 14:16 man/
svg%
Installation is OK. Another question
%mkdir test
%ls -al
total 6
drwxr-xr-x 3 hoaz users 512 10 17:39 .
drwxr-xr-x 3 hoaz users 512 10 17:39 …
drwxr-xr-x 2 hoaz users 512 10 17:39 test
%cd test
%ruby -e ‘$SAFE = 1; require “digest/md5”’
%cd …
%chmod 777 test
%ls -al
total 6
drwxr-xr-x 3 hoaz users 512 10 17:39 .
drwxr-xr-x 3 hoaz users 512 10 17:39 …
drwxrwxrwx 2 hoaz users 512 10 17:39 test
%cd test
%ruby -e ‘$SAFE = 1; require “digest/md5”’
-e:1: warning: Insecure world writable dir
/usr/home/hoaz/test/test/test/., mode 040777
-e:1:in `require’: loading from unsafe path
/usr/local/lib/ruby/site_ruby/1.8:/usr/local/lib/ruby/site_ruby/1.8/i386-freebsd5.0:/usr/local/lib/ruby/site_ruby:/usr/local/lib/ruby/1.8:/usr/local/lib/ruby/1.8/i386-freebsd5.0:.
(SecurityError)
from -e:1
Warning is ok, I have to warned that I am in insecure dir.
But why require call failes? I use standard library from standard path
with right permitions.
Warning is ok, I have to warned that I am in insecure dir.
But why require call failes? I use standard library from standard path
with right permitions.
Because it has found an insecure directory ('.') in $LOAD_PATH. It first
test if $LOAD_PATH is secure, and stop (with $SAFE >= 1) if it has seen a
problem
Warning is ok, I have to warned that I am in insecure dir.
But why require call failes? I use standard library from standard path
with right permitions.
Because it has found an insecure directory (‘.’) in $LOAD_PATH. It first
test if $LOAD_PATH is secure, and stop (with $SAFE >= 1) if it has seen a
problem
I don’t understand two things:
Why do I get warning and error. As far as I understand error will
always occur after warning. So warning seems to be meaningless.
Why do I get error when I require standard library from standard
path? The only insecurity is that pwd has wrong permitions. Is it
intentional?