Ruby Buzz Forum - Reducing $SAFE

Articles |
News |
Weblogs |
Books |
Forums

Artima Forums | Articles | Weblogs | Java Answers | News

Sponsored Link •

Ruby Buzz Forum
Reducing $SAFE

0 replies on 1 page.

Welcome Guest
Sign In

Back to Topic List

Reply to this Topic

Search Forum

Threaded View


Previous Topic		Next Topic

Flat View: This topic has 0 replies on 1 page

Eric Hodel

Posts: 660
Nickname: drbrain
Registered: Mar, 2006

Eric Hodel is a long-time Rubyist and co-founder of Seattle.rb.

Reducing $SAFE

Posted: Aug 30, 2006 6:27 PM

This post originated from an RSS feed registered with Ruby Buzz by Eric Hodel.
Original Post: Reducing $SAFE Feed Title: Segment7 Feed URL: http://blog.segment7.net/articles.rss Feed Description: Posts about and around Ruby, MetaRuby, ruby2c, ZenTest and work at The Robot Co-op.	Latest Ruby Buzz Posts Latest Ruby Buzz Posts by Eric Hodel Latest Posts From Segment7

Ya you are correct, it won't let you change the safe level. I wonder how hard it would be to bypass it though using something like rubyinline?

—Re: $SAFE =4 safe enough? via snacktime

require 'rubygems'
require 'inline'

class DeSafe
  inline do |builder|
    builder.prefix "RUBY_EXTERN int ruby_safe_level;"

    builder.c <<-EOC
      static void
      reduce() {
        ruby_safe_level = 0;
      }
    EOC
  end
end


$SAFE = ARGV.shift.to_i rescue 0

p $SAFE

DeSafe.new.reduce

p $SAFE

$ rm -fr ~/.ruby_inline/; ruby desafe.rb 4
desafe.rb:20:in `write': Insecure operation `write' at level 4 (SecurityError)
        from desafe.rb:20:in `p'
        from desafe.rb:20
$ rm -fr ~/.ruby_inline/; ruby desafe.rb 3
3
0

Read: Reducing $SAFE

Previous Topic

Next Topic


	Web Artima.com