ruby-changes:38851
From: hsbt <ko1@a...>
Date: Wed, 17 Jun 2015 14:30:14 +0900 (JST)
Subject: [ruby-changes:38851] hsbt:r50932 (trunk): * include/ruby/ruby.h: $SAFE=3 is now obsolete.
hsbt 2015-06-17 14:29:51 +0900 (Wed, 17 Jun 2015) New Revision: 50932 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=50932 Log: * include/ruby/ruby.h: $SAFE=3 is now obsolete. * ext/socket/init.c, ext/socket/socket.c, ext/socket/tcpsocket.c ext/socket/udpsocket.c, gc.c, object.c, re.c, safe.c: removed code for $SAFE=3 * bootstraptest/test_method.rb, test/erb/test_erb.rb, test/ruby/test_dir.rb test/ruby/test_file.rb, test/ruby/test_method.rb, test/ruby/test_regexp.rb test/ruby/test_thread.rb: remove tests for $SAFE=3 Modified files: trunk/ChangeLog trunk/bootstraptest/test_method.rb trunk/ext/socket/init.c trunk/ext/socket/socket.c trunk/ext/socket/tcpsocket.c trunk/ext/socket/udpsocket.c trunk/gc.c trunk/include/ruby/ruby.h trunk/object.c trunk/re.c trunk/safe.c trunk/test/erb/test_erb.rb trunk/test/ruby/test_dir.rb trunk/test/ruby/test_file.rb trunk/test/ruby/test_method.rb trunk/test/ruby/test_regexp.rb trunk/test/ruby/test_thread.rb Index: include/ruby/ruby.h =================================================================== --- include/ruby/ruby.h (revision 50931) +++ include/ruby/ruby.h (revision 50932) @@ -572,15 +572,15 @@ VALUE rb_get_path(VALUE); https://github.com/ruby/ruby/blob/trunk/include/ruby/ruby.h#L572 VALUE rb_get_path_no_checksafe(VALUE); #define FilePathStringValue(v) ((v) = rb_get_path_no_checksafe(v)) -#define RUBY_SAFE_LEVEL_MAX 3 +#define RUBY_SAFE_LEVEL_MAX 2 void rb_secure(int); int rb_safe_level(void); void rb_set_safe_level(int); #if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4)) -int ruby_safe_level_4_error(void) __attribute__((error("$SAFE=4 is obsolete"))); -int ruby_safe_level_4_warning(void) __attribute__((warning("$SAFE=4 is obsolete"))); +int ruby_safe_level_3_error(void) __attribute__((error("$SAFE=3 and 4 is obsolete"))); +int ruby_safe_level_3_warning(void) __attribute__((warning("$SAFE=3 and 4 is obsolete"))); # ifdef RUBY_EXPORT -# define ruby_safe_level_4_warning() ruby_safe_level_4_error() +# define ruby_safe_level_3_warning() ruby_safe_level_3_error() # endif #if defined(HAVE_BUILTIN___BUILTIN_CHOOSE_EXPR_CONSTANT_P) # define RUBY_SAFE_LEVEL_INVALID_P(level) \ @@ -589,7 +589,7 @@ int ruby_safe_level_4_warning(void) __at https://github.com/ruby/ruby/blob/trunk/include/ruby/ruby.h#L589 __builtin_constant_p(level), \ ((level) < 0 || RUBY_SAFE_LEVEL_MAX < (level)), 0)) # define RUBY_SAFE_LEVEL_CHECK(level, type) \ - __extension__(__builtin_choose_expr(RUBY_SAFE_LEVEL_INVALID_P(level), ruby_safe_level_4_##type(), (level))) + __extension__(__builtin_choose_expr(RUBY_SAFE_LEVEL_INVALID_P(level), ruby_safe_level_3_##type(), (level))) #else /* in gcc 4.8 or earlier, __builtin_choose_expr() does not consider * __builtin_constant_p(variable) a constant expression. @@ -598,7 +598,7 @@ int ruby_safe_level_4_warning(void) __at https://github.com/ruby/ruby/blob/trunk/include/ruby/ruby.h#L598 __extension__(__builtin_constant_p(level) && \ ((level) < 0 || RUBY_SAFE_LEVEL_MAX < (level))) # define RUBY_SAFE_LEVEL_CHECK(level, type) \ - (RUBY_SAFE_LEVEL_INVALID_P(level) ? ruby_safe_level_4_##type() : (level)) + (RUBY_SAFE_LEVEL_INVALID_P(level) ? ruby_safe_level_3_##type() : (level)) #endif #define rb_secure(level) rb_secure(RUBY_SAFE_LEVEL_CHECK(level, warning)) #define rb_set_safe_level(level) rb_set_safe_level(RUBY_SAFE_LEVEL_CHECK(level, error)) Index: re.c =================================================================== --- re.c (revision 50931) +++ re.c (revision 50932) @@ -1489,9 +1489,6 @@ rb_reg_search0(VALUE re, VALUE str, long https://github.com/ruby/ruby/blob/trunk/re.c#L1489 if (err) rb_memerror(); } else { - if (rb_safe_level() >= 3) - OBJ_TAINT(match); - else FL_UNSET(match, FL_TAINT); } Index: ChangeLog =================================================================== --- ChangeLog (revision 50931) +++ ChangeLog (revision 50932) @@ -1,3 +1,15 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Wed Jun 17 14:29:43 2015 SHIBATA Hiroshi <hsbt@r...> + + * include/ruby/ruby.h: $SAFE=3 is now obsolete. + + * ext/socket/init.c, ext/socket/socket.c, ext/socket/tcpsocket.c + ext/socket/udpsocket.c, gc.c, object.c, re.c, safe.c: removed code + for $SAFE=3 + + * bootstraptest/test_method.rb, test/erb/test_erb.rb, test/ruby/test_dir.rb + test/ruby/test_file.rb, test/ruby/test_method.rb, test/ruby/test_regexp.rb + test/ruby/test_thread.rb: remove tests for $SAFE=3 + Wed Jun 17 12:13:33 2015 SHIBATA Hiroshi <hsbt@r...> * ChangeLog: added contibutor name. Index: bootstraptest/test_method.rb =================================================================== --- bootstraptest/test_method.rb (revision 50931) +++ bootstraptest/test_method.rb (revision 50932) @@ -922,22 +922,6 @@ assert_equal 'ok', %q{ https://github.com/ruby/ruby/blob/trunk/bootstraptest/test_method.rb#L922 }, '[ruby-core:11998]' assert_equal 'ok', %q{ - proc{ - $SAFE = 3 - class C - def m - :ng - end - end - }.call - begin - C.new.m - rescue SecurityError - :ok - end -}, '[ruby-core:11998]' - -assert_equal 'ok', %q{ class B def m() :fail end end Index: object.c =================================================================== --- object.c (revision 50931) +++ object.c (revision 50932) @@ -70,7 +70,6 @@ rb_obj_setup(VALUE obj, VALUE klass, VAL https://github.com/ruby/ruby/blob/trunk/object.c#L70 { RBASIC(obj)->flags = type; RBASIC_SET_CLASS(obj, klass); - if (rb_safe_level() >= 3) FL_SET((obj), FL_TAINT); return obj; } @@ -982,7 +981,6 @@ rb_obj_taint(VALUE obj) https://github.com/ruby/ruby/blob/trunk/object.c#L981 VALUE rb_obj_untaint(VALUE obj) { - rb_secure(3); if (OBJ_TAINTED(obj)) { rb_check_frozen(obj); FL_UNSET(obj, FL_TAINT); Index: gc.c =================================================================== --- gc.c (revision 50931) +++ gc.c (revision 50932) @@ -1719,7 +1719,6 @@ newobj_of(VALUE klass, VALUE flags, VALU https://github.com/ruby/ruby/blob/trunk/gc.c#L1719 /* OBJSETUP */ RBASIC(obj)->flags = flags & ~FL_WB_PROTECTED; RBASIC_SET_CLASS_RAW(obj, klass); - if (rb_safe_level() >= 3) FL_SET((obj), FL_TAINT); RANY(obj)->as.values.v1 = v1; RANY(obj)->as.values.v2 = v2; RANY(obj)->as.values.v3 = v3; Index: ext/socket/tcpsocket.c =================================================================== --- ext/socket/tcpsocket.c (revision 50931) +++ ext/socket/tcpsocket.c (revision 50932) @@ -50,7 +50,6 @@ tcp_sockaddr(struct sockaddr *addr, sock https://github.com/ruby/ruby/blob/trunk/ext/socket/tcpsocket.c#L50 static VALUE tcp_s_gethostbyname(VALUE obj, VALUE host) { - rb_secure(3); return rsock_make_hostent(host, rsock_addrinfo(host, Qnil, SOCK_STREAM, AI_CANONNAME), tcp_sockaddr); } Index: ext/socket/udpsocket.c =================================================================== --- ext/socket/udpsocket.c (revision 50931) +++ ext/socket/udpsocket.c (revision 50932) @@ -30,7 +30,6 @@ udp_init(int argc, VALUE *argv, VALUE so https://github.com/ruby/ruby/blob/trunk/ext/socket/udpsocket.c#L30 int family = AF_INET; int fd; - rb_secure(3); if (rb_scan_args(argc, argv, "01", &arg) == 1) { family = rsock_family_arg(arg); } @@ -85,7 +84,6 @@ udp_connect(VALUE sock, VALUE host, VALU https://github.com/ruby/ruby/blob/trunk/ext/socket/udpsocket.c#L84 struct udp_arg arg; VALUE ret; - rb_secure(3); arg.res = rsock_addrinfo(host, port, SOCK_DGRAM, 0); GetOpenFile(sock, fptr); arg.fd = fptr->fd; @@ -114,7 +112,6 @@ udp_bind(VALUE sock, VALUE host, VALUE p https://github.com/ruby/ruby/blob/trunk/ext/socket/udpsocket.c#L112 struct rb_addrinfo *res0; struct addrinfo *res; - rb_secure(3); res0 = rsock_addrinfo(host, port, SOCK_DGRAM, 0); GetOpenFile(sock, fptr); for (res = res0->ai; res; res = res->ai_next) { @@ -267,4 +264,3 @@ rsock_init_udpsocket(void) https://github.com/ruby/ruby/blob/trunk/ext/socket/udpsocket.c#L264 rb_define_method(rb_cUDPSocket, "send", udp_send, -1); rb_define_method(rb_cUDPSocket, "recvfrom_nonblock", udp_recvfrom_nonblock, -1); } - Index: ext/socket/init.c =================================================================== --- ext/socket/init.c (revision 50931) +++ ext/socket/init.c (revision 50932) @@ -555,7 +555,6 @@ rsock_s_accept_nonblock(int argc, VALUE https://github.com/ruby/ruby/blob/trunk/ext/socket/init.c#L555 rb_scan_args(argc, argv, "0:", &opts); - rb_secure(3); rb_io_set_nonblock(fptr); fd2 = cloexec_accept(fptr->fd, (struct sockaddr*)sockaddr, len, 1); if (fd2 < 0) { @@ -598,7 +597,6 @@ rsock_s_accept(VALUE klass, int fd, stru https://github.com/ruby/ruby/blob/trunk/ext/socket/init.c#L597 int retry = 0; struct accept_arg arg; - rb_secure(3); arg.fd = fd; arg.sockaddr = sockaddr; arg.len = len; Index: ext/socket/socket.c =================================================================== --- ext/socket/socket.c (revision 50931) +++ ext/socket/socket.c (revision 50932) @@ -140,7 +140,6 @@ sock_initialize(int argc, VALUE *argv, V https://github.com/ruby/ruby/blob/trunk/ext/socket/socket.c#L140 if (NIL_P(protocol)) protocol = INT2FIX(0); - rb_secure(3); setup_domain_and_type(domain, &d, type, &t); fd = rsock_socket(d, t, NUM2INT(protocol)); if (fd < 0) rb_sys_fail("socket(2)"); @@ -1059,7 +1058,6 @@ sock_gethostname(VALUE obj) https://github.com/ruby/ruby/blob/trunk/ext/socket/socket.c#L1058 char buf[RUBY_MAX_HOST_NAME_LEN+1]; - rb_secure(3); if (gethostname(buf, (int)sizeof buf - 1) < 0) rb_sys_fail("gethostname(3)"); @@ -1076,7 +1074,6 @@ sock_gethostname(VALUE obj) https://github.com/ruby/ruby/blob/trunk/ext/socket/socket.c#L1074 { struct utsname un; - rb_secure(3); uname(&un); return rb_str_new2(un.nodename); } @@ -1143,7 +1140,6 @@ sock_sockaddr(struct sockaddr *addr, soc https://github.com/ruby/ruby/blob/trunk/ext/socket/socket.c#L1140 static VALUE sock_s_gethostbyname(VALUE obj, VALUE host) { - rb_secure(3); return rsock_make_hostent(host, rsock_addrinfo(host, Qnil, SOCK_STREAM, AI_CANONNAME), sock_sockaddr); } Index: safe.c =================================================================== --- safe.c (revision 50931) +++ safe.c (revision 50932) @@ -25,7 +25,7 @@ https://github.com/ruby/ruby/blob/trunk/safe.c#L25 #undef rb_secure #undef rb_set_safe_level -#undef ruby_safe_level_4_warning +#undef ruby_safe_level_3_warning int ruby_safe_level_4_warning(void) @@ -52,7 +52,7 @@ rb_set_safe_level(int level) https://github.com/ruby/ruby/blob/trunk/safe.c#L52 if (level > th->safe_level) { if (level > SAFE_LEVEL_MAX) { - rb_raise(rb_eArgError, "$SAFE=4 is obsolete"); + rb_raise(rb_eArgError, "$SAFE=3 and 4 is obsolete"); } th->safe_level = level; } @@ -79,7 +79,7 @@ safe_setter(VALUE val) https://github.com/ruby/ruby/blob/trunk/safe.c#L79 rb_warning("$SAFE=3 does no sandboxing"); } if (level > SAFE_LEVEL_MAX) { - rb_raise(rb_eArgError, "$SAFE=4 is obsolete"); + rb_raise(rb_eArgError, "$SAFE=3 and 4 is obsolete"); } th->safe_level = level; } Index: test/ruby/test_regexp.rb =================================================================== --- test/ruby/test_regexp.rb (revision 50931) +++ test/ruby/test_regexp.rb (revision 50932) @@ -585,19 +585,6 @@ class TestRegexp < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_regexp.rb#L585 assert_equal(3, "foobarbaz\u3042".rindex(/b../n, 5)) end - def test_taint - m = Thread.new do - "foo"[/foo/] - $SAFE = 3 - /foo/.match("foo") - end.value - assert_predicate(m, :tainted?) - assert_nothing_raised('[ruby-core:26137]') { - m = proc {$SAFE = 3; %r"#{ }"o}.call - } - assert_predicate(m, :tainted?) - end - def assert_regexp(re, ss, fs = [], msg = nil) re = Regexp.new(re) unless re.is_a?(Regexp) ss = [ss] unless ss.is_a?(Array) Index: test/ruby/test_dir.rb =================================================================== --- test/ruby/test_dir.rb (revision 50931) +++ test/ruby/test_dir.rb (revision 50932) @@ -325,21 +325,4 @@ class TestDir < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_dir.rb#L325 end } end - - def test_insecure_chdir - assert_raise(SecurityError) do - proc do - $SAFE=3 - Dir.chdir("/") - end.call - end - m = "\u{79fb 52d5}" - d = Class.new(Dir) {singleton_class.class_eval {alias_method m, :chdir}} - assert_raise_with_message(SecurityError, /#{m}/) do - proc do - $SAFE=3 - d.__send__(m, "/") - end.call - end - end end Index: test/ruby/test_file.rb =================================================================== --- test/ruby/test_file.rb (revision 50931) +++ test/ruby/test_file.rb (revision 50932) @@ -409,12 +409,6 @@ class TestFile < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_file.rb#L409 (0..1).each do |level| assert_nothing_raised(SecurityError, bug5374) {in_safe[level]} end - def (s = Object.new).to_path; "".taint; end - m = "\u{691c 67fb}" - (c = Class.new(File)).singleton_class.class_eval {alias_method m, :stat} - assert_raise_with_message(SecurityError, /#{m}/) { - proc {$SAFE = 3; c.__send__(m, s)}.call - } end if /(bcc|ms|cyg)win|mingw|emx/ =~ RUBY_PLATFORM Index: test/ruby/test_method.rb =================================================================== --- test/ruby/test_method.rb (revision 50931) +++ test/ruby/test_method.rb (revision 50932) @@ -879,19 +879,6 @@ class TestMethod < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_method.rb#L879 assert_equal n , rest_parameter(*(1..n)).size, '[Feature #10440]' end - def test_insecure_method - m = "\u{5371 967a}" - c = Class.new do - proc {$SAFE=3;def foo;end}.call - alias_method m, "foo" - eval "def bar; #{m}; end" - end - obj = c.new - assert_raise_with_message(SecurityError, /#{m}/) do - obj.bar - end - end - class C D = "Const_D" def foo Index: test/ruby/test_thread.rb =================================================================== --- test/ruby/test_thread.rb (revision 50931) +++ test/ruby/test_thread.rb (revision 50932) @@ -389,14 +389,14 @@ class TestThread < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_thread.rb#L389 ok = false t = Thread.new do EnvUtil.suppress_warning do - $SAFE = 3 + $SAFE = 1 end ok = true sleep end Thread.pass until ok assert_equal(0, Thread.current.safe_level) - assert_equal(3, t.safe_level) + assert_equal(1, t.safe_level) ensure t.kill if t Index: test/erb/test_erb.rb =================================================================== --- test/erb/test_erb.rb (revision 50931) +++ test/erb/test_erb.rb (revision 50932) @@ -90,13 +90,6 @@ class TestERBCore < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/erb/test_erb.rb#L90 _test_core(0) _test_core(1) _test_core(2) - orig = $VERBOSE - begin - $VERBOSE = false - _test_core(3) - ensure - $VERBOSE = orig - end end def _test_core(safe) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/