$SAFE question

Hello all,

basically I just want to know if the code below is safe.
Assume 'dangerous.rb' is provided by someone you don't know
and is located in a world writeable directory.

The filename is as unsafe as the file itself.

------------------------------------------------------------------------
$SAFE = 1
filename = 'dangerous.rb'.taint # just uploaded from untrusted user

fname = String.new(filename.to_s)
classname = File.basename(fname, '.rb').capitalize
fname.untaint if File.expand_path(fname) =~ %r{^d:/simon/}i
code = IO.read(fname) # reading is safe hopefully

#create a new object from a class definition in dangerous.rb
unsafe_obj = Thread.new do
  $SAFE = 4
  begin
    mod = Module.new
    mod.module_eval(code)
    mod.const_get(classname).new
  rescue Exception => e
    Exception.new(e.to_s)
  end
end.value
raise unsafe_obj if Exception === unsafe_obj

# as long as we do not call methods on unsafe_obj we should be safe, right?

# call a method on the new object
value = Thread.new do
  $SAFE = 4
  begin
    String.new(unsafe_obj.meth.to_s)
  rescue Exception => e
    Exception.new(e.to_s)
  end
end.value
raise value if Exception === value

value.untaint # this should be safe now! (?)
p value
------------------------------------------------------------------------

cheers

Simon

Yes and no. While in C code, Ruby's threads won't switch, so malicious code can easily cause your ruby interpreter to become non-responsive.

echo 'loop do 50000 ** 50000 end' | dangerous.rb

On Apr 28, 2006, at 6:07 AM, Kroeger, Simon (ext) wrote:

> Hello all,
>
> basically I just want to know if the code below is safe.
> Assume 'dangerous.rb' is provided by someone you don't know
> and is located in a world writeable directory.

--
Eric Hodel - drbrain@segment7.net - http://blog.segment7.net
This implementation is HODEL-HASH-9600 compliant

http://trackmap.robotcoop.com
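A process-based alternative to the `$SAFE = 4` thread, added here as an example rather than code from either poster: it addresses the non-responsive-interpreter problem from the reply by running the untrusted code in a child process under a CPU-time rlimit and a wall-clock deadline, so the parent never shares state (or a scheduler) with it. It assumes a Unix host where `Process.spawn` supports `rlimit_cpu` and `pgroup`, and that `RbConfig.ruby` points at a working interpreter.

```ruby
require 'rbconfig'

# Run untrusted Ruby source in a child process rather than a $SAFE thread.
# An RLIMIT_CPU cap ends a busy loop that never yields (the case in the
# reply above) and a wall-clock deadline ends code that merely sleeps;
# neither relies on the untrusted code cooperating.
# Returns [outcome, captured_output], where outcome is one of
# :ok, :error, :cpu_limit, :wall_limit.
def run_untrusted(code, cpu_seconds: 1, wall_seconds: 5)
  rd, wr = IO.pipe
  pid = Process.spawn(RbConfig.ruby, '--disable-gems', '-e', code,
                      in: File::NULL, out: wr, err: wr,
                      rlimit_cpu: [cpu_seconds, cpu_seconds + 1], # soft: SIGXCPU, hard: SIGKILL
                      pgroup: true)                               # own group, so children die too
  wr.close
  reader = Thread.new { rd.read } # drain the pipe so a chatty child never blocks on it
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + wall_seconds
  wall_expired = false
  status = nil
  loop do
    _, status = Process.wait2(pid, Process::WNOHANG)
    break if status
    if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline
      wall_expired = true
      Process.kill('KILL', -pid) rescue nil
      _, status = Process.wait2(pid)
      break
    end
    sleep 0.02
  end
  Process.kill('KILL', -pid) rescue nil # clear any grandchildren still holding the pipe
  output = reader.value
  rd.close
  outcome = if wall_expired          then :wall_limit
            elsif status.signaled?   then :cpu_limit # killed by the rlimit signal
            elsif status.success?    then :ok
            else                          :error     # untrusted code raised or exited non-zero
            end
  [outcome, output]
end

if __FILE__ == $PROGRAM_NAME
  p run_untrusted('puts 6 * 7')
  p run_untrusted('loop do 50000 ** 50000 end') # the busy loop from the reply
end
```

The child still inherits the parent's filesystem and network access; this only bounds CPU and wall time, so combine it with a low-privilege user or container for the rest.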