From: shugo <ko1@a...>
Date: Fri, 14 Jun 2013 09:53:48 +0900 (JST)
Subject: [ruby-changes:29238] shugo:r41290 (trunk): * NEWS: add notes for $SAFE.
shugo 2013-06-14 09:53:37 +0900 (Fri, 14 Jun 2013) New Revision: 41290 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=41290 Log: * NEWS: add notes for $SAFE. * doc/security.rd: remove the description of $SAFE=4. Modified files: trunk/ChangeLog trunk/NEWS trunk/doc/security.rdoc Index: doc/security.rdoc =================================================================== --- doc/security.rdoc (revision 41289) +++ doc/security.rdoc (revision 41290) @@ -21,12 +21,7 @@ Ruby provides a mechanism to restrict wh https://github.com/ruby/ruby/blob/trunk/doc/security.rdoc#L21 code in the form of the <code>$SAFE</code> variable. However, <code>$SAFE</code> does not provide a secure environment for executing -untrusted code even at its maximum level of +4+. <code>$SAFE</code> is -inherently flawed as a security mechanism, as it relies on every unsafe -operation performed by any C method to be guarded by a <code>$SAFE</code> -check. If this check is ever missed, the entire security of the system is -compromised. <code>$SAFE</code> also does not offer any protection against -denial of service attacks. +untrusted code. If you need to execute untrusted code, you should use an operating system level sandboxing mechanism. On Linux, ptrace or LXC can be used to sandbox Index: ChangeLog =================================================================== --- ChangeLog (revision 41289) +++ ChangeLog (revision 41290) @@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Fri Jun 14 09:48:48 2013 Shugo Maeda <shugo@r...> + + * NEWS: add notes for $SAFE. + + * doc/security.rd: remove the description of $SAFE=4. + Fri Jun 14 00:14:29 2013 Tanaka Akira <akr@f...> * bignum.c (bigdivrem): Zero test condition simplified. Index: NEWS =================================================================== --- NEWS (revision 41289) +++ NEWS (revision 41290) 
@@ -43,6 +43,10 @@ with all sufficient information, see the https://github.com/ruby/ruby/blob/trunk/NEWS#L43 === Core classes compatibility issues (excluding feature bug fixes) +* Kernel#untrusted?, untrust, and trust + * These methods are deprecated and their behavior is same as tainted?, + taint, and untaint, respectively. If $VERBOSE is true, they show warnings. + * IO * incompatible changes: * open ignore internal encoding if external encoding is ASCII-8BIT. @@ -120,4 +124,10 @@ with all sufficient information, see the https://github.com/ruby/ruby/blob/trunk/NEWS#L124 It gets encoding argument to convert before percent encode. UTF-16 strings aren't converted to UTF-8 before percent encode by default. +=== Built-in global variables compatibility issues + +* $SAFE + * $SAFE=4 is obsolete. If $SAFE is set to 4 or larger, an ArgumentError + is raised. + === C API updates -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
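Review bot: In the doc/security.rdoc hunk (@@ -21,12 +21,7 @@), the removal drops more than the level-4 reference. The deleted sentences explain why $SAFE fails as a security mechanism in general: it relies on every unsafe operation in any C method being guarded by a $SAFE check, and it offers no protection against denial of service. Only the phrase "even at its maximum level of +4+" is tied to the obsolete level. I would cut that phrase and keep the rationale, so the document still tells readers why the remaining levels cannot be trusted as a sandbox.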
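Review bot: The ChangeLog hunk (@@ -1,3 +1,9 @@) names the file as doc/security.rd, but the file modified in this revision is doc/security.rdoc. The entry should use the real path so that searching the ChangeLog by filename finds it. The entry also lists only the $SAFE note for NEWS, while the NEWS diff also adds an item on Kernel#untrusted?, untrust, and trust. That item deserves a mention here.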
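Review bot: In the first NEWS hunk (@@ -43,6 +43,10 @@), the added item says the methods' "behavior is same as tainted?, taint, and untaint", which is missing an article and should read "is the same as". Since the entry says warnings appear only "If $VERBOSE is true", it would also help to state that the methods still work without a warning otherwise. That makes clear the deprecation is silent by default.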
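Review bot: In the second NEWS hunk (@@ -120,4 +124,10 @@), the new $SAFE item states that setting $SAFE to 4 or larger raises ArgumentError but gives no migration path. Code that relied on level 4 to run untrusted code will now fail at the assignment. A pointer to doc/security.rdoc, which recommends operating-system-level sandboxing, would tell those users what to do instead.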