Hi all,
This is a summary of ruby-dev ML in these days.
[ruby-dev:21616] access ENV on $SAFE==4 (contd.)
From the previous ruby-dev summary ([ruby-talk:84412]):
Hidetoshi NAGAI found that Safe interpreter of Tcl/Tk
don't allow to refer some informations of environments,
such as env, OS, library and so on. And he asked
whether we should forbid to use ENV, RUBY_PLATFORM
and $LOAD_PATH when $SAFE=4.
Hidetoshi NAGAI posted a summary of the thread in [ruby-dev:21804].
This entry is an incomplete translation of his summary.
* $LOAD_PATH
$LOAD_PATH cannot be referred to nor modified when $SAFE>=4.
* ENV
The following new methods are introduced
`insecure' means $SAFE>=4 in this document.
: ENV.allow_insecure_ref(varname)
Enables insecure programs to refer to VARNAME environment
variable.
Raises SecurityError if this method is called on $SAFE>=4.
By default, even insecure programs can refer to all the
environment variables for backward compatibility.
: ENV.deny_insecure_ref(varname)
Disables insecure programs to refer to VARNAME environment
variable.
Raises SecurityError if this method is called on $SAFE>=4.
: ENV.insecure_ref_allowed?(varname) -> bool
Returns true if insecure programs can refer to VARNAME environment
variable.
Raises SecurityError if this method is called on $SAFE>=4.
: ENV.insecure_ref_denied?(varname) -> bool
Returns true unless insecure programs can refer to VARNAME environment
variable.
Raises SecurityError if this method is called on $SAFE>=4.
: ENV.insecure_ref_allowings -> [String]
Returns a list of environment variable names that insecure
programs can refer to.
Raises SecurityError if this method is called on $SAFE>=4.
: ENV.insecure_ref_denyings -> [String]
Returns a list of environment variable names that insecure
programs cannot refer to.
Raises SecurityError if this method is called on $SAFE>=4.
* Module
The following new methods are introduced.
`insecure' means $SAFE>=4 in this document.
: Module#allow_insecure_ref(constname)
Enables insecure programs to refer to CONSTNAME constant.
Raises SecurityError if this method is called on $SAFE>=4.
: Module#deny_insecure_ref(constname)
Disables insecure programs to refer to CONSTNAME constant.
Raises SecurityError if this method is called on $SAFE>=4.
: Module#insecure_ref_allowed?(constname) -> bool
Returns true if insecure programs can refer to CONSTNAME
constant.
Raises SecurityError if this method is called on $SAFE>=4.
: Module#insecure_ref_denied?(constname)
Returns true unless insecure programs can refer to CONSTNAME
constant.
Raises SecurityError if this method is called on $SAFE>=4.
: Module#insecure_ref_allowings -> [String]
Returns a list of constant names which insecure programs
can refer to.
Raises SecurityError if this method is called on $SAFE>=4.
: Module#insecure_ref_denyings -> [String]
Returns a list of constant names which are hidden from
insecure programs.
Raises SecurityError if this method is called on $SAFE>=4.
* RUBY_PLATFORM, PLATFORM
Object.deny_insecure_ref(:RUBY_PLATFORM) and
Object.deny_insecure_ref(:PLATFORM) are the default.
These constants are invisible from insecure programs.
Matz agreed with him on the concept, but we still needs better
method names.
[ruby-dev:21707] drb Hash#each
Matz found that the Hash#each test case of dRuby failed on the
latest ruby. The reason of this failure is the feature mismatch
between yield([k,v]) and Proc#call([k,v]):
% cat t
def m1
yield [1,2]
end
m1 {|k,v| p [k,v] }
def m2( &block )
block.call([1,2])
end
m2 {|k,v| p [k,v] }
% ruby -v t
ruby 1.8.1 (2003-10-26) [i686-linux]
[1, 2]
[[1, 2], nil]
Matz finally changed Proc#call behavior, so now yield and Proc#call
produces same results:
% ruby -v t
ruby 1.8.1 (2003-11-04) [i686-linux]
[1, 2]
[1, 2]
[ruby-dev:21794] rb_iter_break() on ruby 1.8.1p2
MURATA Kenta reported that ruby 1.8.1p2 broke the following program:
#include <ruby.h>
static VALUE
ahi_ahi(VALUE obj)
{
rb_yield(Qnil);
}
static VALUE
ahi_abort(VALUE obj)
{
rb_iter_break();
}
void
Init_ahi(void)
{
VALUE cAhi = rb_define_class("Ahi", rb_cObject);
rb_define_method(cAhi, "ahi", ahi_ahi, 0);
rb_define_method(cAhi, "abort", ahi_abort, 0);
}
If you compile this extension and execute it, ruby will exit with
status 1:
$ ruby -rahi -e "a = Ahi.new; a.ahi { a.abort }"
-e:1:in `abort': unexpected break (LocalJumpError)
from -e:1
from -e:1:in `ahi'
from -e:1
This is because rb_iter_break() is called in different method frame
from which the block is running. For these kind of purpose, you
should use rb_catch() and rb_throw(). These APIs are described in
Pickaxe (page 195).
For the “right” usage of rb_iter_break(), see enum.c.
[ruby-dev:21816] “this method is deprecated” warning messages
Koji Arai reported that some warning messages are not printed on
ruby 1.8.1 preview 1. Corresponding warnings messages are:
% ruby-1.8.0 -e "{1=>'a', 2=>'b', 3=>'c'}.select(1,2,3)"
-e:1: warning: Hash#select(key..) is deprecated; use Hash#values_at
% ruby-1.8.0 -e '"foo" =~ "foo"'
-e:1: warning: string =~ string will be obsolete; use explicit regexp
% ruby-1.8.0 -e '$_ = "foo"; p ~"foo"'
-e:1: warning: ~string will be obsolete; use explicit regexp
Matz decided to remove Hash#select from 1.8.1 with the warning message.
(str~=str and ~str remain even in 1.8.1.)
– Minero Aoki
Special Thanks: SugHimsi, U.Nakamura, Hiroharu Sugawara, Akinori MUSHA