What does SecurityError actually cover?

Higle · 25 April 2003 14:40

Noob-ish question: So, what does the exception class SecurityError
actually cover? I’ve been unable to find (without looking at the Ruby
source code) a quick and dirty explanation of what kinds of security
issues are caught by SecurityError. I’ve got the Pragmatic book and
the Nutshell book, but neither go into any detail about what the class
catches.

Is there possibly an online resource that I haven’t found that
explains this?

Thanks,
Hig

ts1 · 25 April 2003 14:45

Is there possibly an online resource that I haven't found that
explains this?

Chapter 20 "Locking Ruby in the Safe" (p. 257)

pigeon% ruby -T1 -e 1
ruby: No -e allowed in tainted mode (SecurityError)
pigeon%

Guy Decoux

Gennady1 · 25 April 2003 14:47

Try to increase Ruby safe level and do something with external resources,
for example:

$SAFE = 4
system(“ls”)

You’ll get:
test.rb:3:in `system’: Insecure operation - system (SecurityError)
from test.rb:2

Gennady.

···

----- Original Message -----
From: “higle” higle@hotmail.com
Newsgroups: comp.lang.ruby
To: “ruby-talk ML” ruby-talk@ruby-lang.org
Sent: Friday, April 25, 2003 7:40 AM
Subject: What does SecurityError actually cover?

Noob-ish question: So, what does the exception class SecurityError
actually cover? I’ve been unable to find (without looking at the Ruby
source code) a quick and dirty explanation of what kinds of security
issues are caught by SecurityError. I’ve got the Pragmatic book and
the Nutshell book, but neither go into any detail about what the class
catches.

Is there possibly an online resource that I haven’t found that
explains this?

Thanks,
Hig

Chris18 · 25 April 2003 14:47

Noob-ish question: So, what does the exception class SecurityError
actually cover?

···

----- Original Message -----
From: “higle” higle@hotmail.com

I’m not sure if this answers your question, but:

I think security errors mean you are trying to do something in $SAFE mode of
1 or higher with tainted data.

Try untainting the data (after very carefully determining that it is safe
data) and see if that helps.

Chris

Higle · 28 April 2003 20:44

Wow, duh! Yeah, I had the wrong idea of what SecurityError was
actually doing. I think I’ve got 'er now!

Thanks much,
Hig

Topic		Replies	Views
Can anybody tell me please! ruby-talk	1	101	25 September 2007
$SAFE inside an Array ruby-talk	1	196	15 July 2015
Strange safe level change ruby-talk	0	64	9 January 2007
Irb bug with $SAFE? ruby-talk	2	178	4 June 2002
Rb_errinfo() "captures" more than exceptions, but also Interrupt and SystemExit ruby-talk	2	146	2 May 2012

What does SecurityError actually cover?

Related topics