[前][次][番号順一覧][スレッド一覧]

ruby-changes:30529

From: ktsj <ko1@a...>
Date: Sun, 18 Aug 2013 19:36:59 +0900 (JST)
Subject: [ruby-changes:30529] ktsj:r42608 (trunk): * error.c, file.c, gc.c, hash.c, thread.c, variable.c, vm_eval.c, bin/erb:

ktsj	2013-08-18 19:36:51 +0900 (Sun, 18 Aug 2013)

  New Revision: 42608

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=42608

  Log:
    * error.c, file.c, gc.c, hash.c, thread.c, variable.c, vm_eval.c, bin/erb:
      $SAFE=4 is obsolete.

  Modified files:
    trunk/ChangeLog
    trunk/bin/erb
    trunk/error.c
    trunk/file.c
    trunk/gc.c
    trunk/hash.c
    trunk/thread.c
    trunk/variable.c
    trunk/vm_eval.c
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 42607)
+++ ChangeLog	(revision 42608)
@@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Sun Aug 18 19:32:26 2013  Kazuki Tsujimoto  <kazuki@c...>
+
+	* error.c, file.c, gc.c, hash.c, thread.c, variable.c, vm_eval.c, bin/erb:
+	  $SAFE=4 is obsolete.
+
 Sun Aug 18 14:30:47 2013  Tanaka Akira  <akr@f...>
 
 	* process.c (rb_clock_gettime): Rename POSIX_TIME_CLOCK_REALTIME to
Index: variable.c
===================================================================
--- variable.c	(revision 42607)
+++ variable.c	(revision 42608)
@@ -782,8 +782,6 @@ rb_gvar_set(struct global_entry *entry, https://github.com/ruby/ruby/blob/trunk/variable.c#L782
     struct trace_data trace;
     struct global_variable *var = entry->var;
 
-    if (rb_safe_level() >= 4)
-	rb_raise(rb_eSecurityError, "Insecure: can't change global variable value");
     (*var->setter)(val, entry->id, var->data, var);
 
     if (var->trace && !var->block_trace) {
@@ -860,9 +858,6 @@ rb_alias_variable(ID name1, ID name2) https://github.com/ruby/ruby/blob/trunk/variable.c#L858
     struct global_entry *entry1, *entry2;
     st_data_t data1;
 
-    if (rb_safe_level() >= 4)
-	rb_raise(rb_eSecurityError, "Insecure: can't alias global variable");
-
     entry2 = rb_global_entry(name2);
     if (!st_lookup(rb_global_tbl, (st_data_t)name1, &data1)) {
 	entry1 = ALLOC(struct global_entry);
Index: vm_eval.c
===================================================================
--- vm_eval.c	(revision 42607)
+++ vm_eval.c	(revision 42608)
@@ -1337,16 +1337,7 @@ rb_f_eval(int argc, VALUE *argv, VALUE s https://github.com/ruby/ruby/blob/trunk/vm_eval.c#L1337
     int line = 1;
 
     rb_scan_args(argc, argv, "13", &src, &scope, &vfile, &vline);
-    if (rb_safe_level() >= 4) {
-	StringValue(src);
-	if (!NIL_P(scope) && !OBJ_TAINTED(scope)) {
-	    rb_raise(rb_eSecurityError,
-		     "Insecure: can't modify trusted binding");
-	}
-    }
-    else {
-	SafeStringValue(src);
-    }
+    SafeStringValue(src);
     if (argc >= 3) {
 	StringValue(vfile);
     }
@@ -1551,12 +1542,7 @@ eval_under(VALUE under, VALUE self, VALU https://github.com/ruby/ruby/blob/trunk/vm_eval.c#L1542
     if (SPECIAL_CONST_P(self) && !NIL_P(under)) {
 	cref->flags |= NODE_FL_CREF_PUSHED_BY_EVAL;
     }
-    if (rb_safe_level() >= 4) {
-	StringValue(src);
-    }
-    else {
-	SafeStringValue(src);
-    }
+    SafeStringValue(src);
 
     return eval_string_with_cref(self, src, Qnil, cref, file, line);
 }
@@ -1573,12 +1559,7 @@ specific_eval(int argc, VALUE *argv, VAL https://github.com/ruby/ruby/blob/trunk/vm_eval.c#L1559
 	int line = 1;
 
 	rb_check_arity(argc, 1, 3);
-	if (rb_safe_level() >= 4) {
-	    StringValue(argv[0]);
-	}
-	else {
-	    SafeStringValue(argv[0]);
-	}
+	SafeStringValue(argv[0]);
 	if (argc > 2)
 	    line = NUM2INT(argv[2]);
 	if (argc > 1) {
Index: thread.c
===================================================================
--- thread.c	(revision 42607)
+++ thread.c	(revision 42608)
@@ -541,10 +541,6 @@ thread_start_func_2(rb_thread_t *th, VAL https://github.com/ruby/ruby/blob/trunk/thread.c#L541
 	    if (state == TAG_FATAL) {
 		/* fatal error within this thread, need to stop whole script */
 	    }
-	    else if (th->safe_level >= 4) {
-		/* Ignore it. Main thread shouldn't be harmed from untrusted thread. */
-		errinfo = Qnil;
-	    }
 	    else if (rb_obj_is_kind_of(errinfo, rb_eSystemExit)) {
 		/* exit on main_thread. */
 	    }
@@ -2176,8 +2172,6 @@ rb_thread_kill(VALUE thread) https://github.com/ruby/ruby/blob/trunk/thread.c#L2172
 
     GetThreadPtr(thread, th);
 
-    if (th != GET_THREAD() && th->safe_level < 4) {
-    }
     if (th->to_kill || th->status == THREAD_KILLED) {
 	return thread;
     }
@@ -2741,9 +2735,6 @@ rb_thread_local_aref(VALUE thread, ID id https://github.com/ruby/ruby/blob/trunk/thread.c#L2735
     st_data_t val;
 
     GetThreadPtr(thread, th);
-    if (rb_safe_level() >= 4 && th != GET_THREAD()) {
-	rb_raise(rb_eSecurityError, "Insecure: thread locals");
-    }
     if (!th->local_storage) {
 	return Qnil;
     }
@@ -2827,9 +2818,6 @@ rb_thread_local_aset(VALUE thread, ID id https://github.com/ruby/ruby/blob/trunk/thread.c#L2818
     rb_thread_t *th;
     GetThreadPtr(thread, th);
 
-    if (rb_safe_level() >= 4 && th != GET_THREAD()) {
-	rb_raise(rb_eSecurityError, "Insecure: can't modify thread locals");
-    }
     if (OBJ_FROZEN(thread)) {
 	rb_error_frozen("thread locals");
     }
@@ -2898,15 +2886,8 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/thread.c#L2886
 rb_thread_variable_get(VALUE thread, VALUE key)
 {
     VALUE locals;
-    rb_thread_t *th;
     ID id = rb_check_id(&key);
 
-    GetThreadPtr(thread, th);
-
-    if (rb_safe_level() >= 4 && th != GET_THREAD()) {
-	rb_raise(rb_eSecurityError, "Insecure: can't access thread locals");
-    }
-
     if (!id) return Qnil;
     locals = rb_ivar_get(thread, id_locals);
     return rb_hash_aref(locals, ID2SYM(id));
@@ -2925,13 +2906,7 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/thread.c#L2906
 rb_thread_variable_set(VALUE thread, VALUE id, VALUE val)
 {
     VALUE locals;
-    rb_thread_t *th;
 
-    GetThreadPtr(thread, th);
-
-    if (rb_safe_level() >= 4 && th != GET_THREAD()) {
-	rb_raise(rb_eSecurityError, "Insecure: can't modify thread locals");
-    }
     if (OBJ_FROZEN(thread)) {
 	rb_error_frozen("thread locals");
     }
Index: gc.c
===================================================================
--- gc.c	(revision 42607)
+++ gc.c	(revision 42608)
@@ -4578,7 +4578,7 @@ rb_memerror(void) https://github.com/ruby/ruby/blob/trunk/gc.c#L4578
 {
     rb_thread_t *th = GET_THREAD();
     if (!nomem_error ||
-	(rb_thread_raised_p(th, RAISED_NOMEMORY) && rb_safe_level() < 4)) {
+	rb_thread_raised_p(th, RAISED_NOMEMORY)) {
 	fprintf(stderr, "[FATAL] failed to allocate memory\n");
 	exit(EXIT_FAILURE);
     }
Index: hash.c
===================================================================
--- hash.c	(revision 42607)
+++ hash.c	(revision 42608)
@@ -2714,10 +2714,6 @@ env_aset(VALUE obj, VALUE nm, VALUE val) https://github.com/ruby/ruby/blob/trunk/hash.c#L2714
 {
     char *name, *value;
 
-    if (rb_safe_level() >= 4) {
-	rb_raise(rb_eSecurityError, "can't change environment variable");
-    }
-
     if (NIL_P(val)) {
 	env_delete(obj, nm);
 	return Qnil;
Index: error.c
===================================================================
--- error.c	(revision 42607)
+++ error.c	(revision 42608)
@@ -2030,10 +2030,6 @@ rb_check_frozen(VALUE obj) https://github.com/ruby/ruby/blob/trunk/error.c#L2030
 void
 rb_error_untrusted(VALUE obj)
 {
-    if (rb_safe_level() >= 4) {
-	rb_raise(rb_eSecurityError, "Insecure: can't modify %s",
-		 rb_obj_classname(obj));
-    }
 }
 
 #undef rb_check_trusted
Index: bin/erb
===================================================================
--- bin/erb	(revision 42607)
+++ bin/erb	(revision 42608)
@@ -72,7 +72,7 @@ class ERB https://github.com/ruby/ruby/blob/trunk/bin/erb#L72
             require ARGV.req_arg
           when '-S'                        # security level
             arg = ARGV.req_arg
-            raise "invalid safe_level #{arg.dump}" unless arg =~ /^[0-4]$/
+            raise "invalid safe_level #{arg.dump}" unless arg =~ /^[0-3]$/
             safe_level = arg.to_i
           when '-T'                        # trim mode
             arg = ARGV.req_arg
@@ -105,7 +105,7 @@ class ERB https://github.com/ruby/ruby/blob/trunk/bin/erb#L105
   -v               enable verbose mode
   -d               set $DEBUG to true
   -r library       load a library
-  -S safe_level    set $SAFE (0..4)
+  -S safe_level    set $SAFE (0..3)
   -E ex[:in]       set default external/internal encodings
   -U               set default encoding to UTF-8.
   -T trim_mode     specify trim_mode (0..2, -)
Index: file.c
===================================================================
--- file.c	(revision 42607)
+++ file.c	(revision 42608)
@@ -5428,10 +5428,6 @@ rb_find_file_ext_safe(VALUE *filep, cons https://github.com/ruby/ruby/blob/trunk/file.c#L5428
 	return 0;
     }
 
-    if (safe_level >= 4) {
-	rb_raise(rb_eSecurityError, "loading from non-absolute path %s", f);
-    }
-
     RB_GC_GUARD(load_path) = rb_get_expanded_load_path();
     if (!load_path) return 0;
 
@@ -5493,10 +5489,6 @@ rb_find_file_safe(VALUE path, int safe_l https://github.com/ruby/ruby/blob/trunk/file.c#L5489
 	return path;
     }
 
-    if (safe_level >= 4) {
-	rb_raise(rb_eSecurityError, "loading from non-absolute path %s", f);
-    }
-
     RB_GC_GUARD(load_path) = rb_get_expanded_load_path();
     if (load_path) {
 	long i;

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]