ruby-changes:30529
From: ktsj <ko1@a...>
Date: Sun, 18 Aug 2013 19:36:59 +0900 (JST)
Subject: [ruby-changes:30529] ktsj:r42608 (trunk): * error.c, file.c, gc.c, hash.c, thread.c, variable.c, vm_eval.c, bin/erb:
ktsj 2013-08-18 19:36:51 +0900 (Sun, 18 Aug 2013) New Revision: 42608 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=42608 Log: * error.c, file.c, gc.c, hash.c, thread.c, variable.c, vm_eval.c, bin/erb: $SAFE=4 is obsolete. Modified files: trunk/ChangeLog trunk/bin/erb trunk/error.c trunk/file.c trunk/gc.c trunk/hash.c trunk/thread.c trunk/variable.c trunk/vm_eval.c Index: ChangeLog =================================================================== --- ChangeLog (revision 42607) +++ ChangeLog (revision 42608) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Sun Aug 18 19:32:26 2013 Kazuki Tsujimoto <kazuki@c...> + + * error.c, file.c, gc.c, hash.c, thread.c, variable.c, vm_eval.c, bin/erb: + $SAFE=4 is obsolete. + Sun Aug 18 14:30:47 2013 Tanaka Akira <akr@f...> * process.c (rb_clock_gettime): Rename POSIX_TIME_CLOCK_REALTIME to Index: variable.c =================================================================== --- variable.c (revision 42607) +++ variable.c (revision 42608) @@ -782,8 +782,6 @@ rb_gvar_set(struct global_entry *entry, https://github.com/ruby/ruby/blob/trunk/variable.c#L782 struct trace_data trace; struct global_variable *var = entry->var; - if (rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't change global variable value"); (*var->setter)(val, entry->id, var->data, var); if (var->trace && !var->block_trace) { @@ -860,9 +858,6 @@ rb_alias_variable(ID name1, ID name2) https://github.com/ruby/ruby/blob/trunk/variable.c#L858 struct global_entry *entry1, *entry2; st_data_t data1; - if (rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't alias global variable"); - entry2 = rb_global_entry(name2); if (!st_lookup(rb_global_tbl, (st_data_t)name1, &data1)) { entry1 = ALLOC(struct global_entry); Index: vm_eval.c =================================================================== --- vm_eval.c (revision 42607) +++ vm_eval.c (revision 42608) @@ -1337,16 +1337,7 @@ rb_f_eval(int argc, VALUE *argv, VALUE s https://github.com/ruby/ruby/blob/trunk/vm_eval.c#L1337 int line = 1; rb_scan_args(argc, argv, "13", &src, &scope, &vfile, &vline); - if (rb_safe_level() >= 4) { - StringValue(src); - if (!NIL_P(scope) && !OBJ_TAINTED(scope)) { - rb_raise(rb_eSecurityError, - "Insecure: can't modify trusted binding"); - } - } - else { - SafeStringValue(src); - } + SafeStringValue(src); if (argc >= 3) { StringValue(vfile); } @@ -1551,12 +1542,7 @@ eval_under(VALUE under, VALUE self, VALU https://github.com/ruby/ruby/blob/trunk/vm_eval.c#L1542 if (SPECIAL_CONST_P(self) && !NIL_P(under)) { cref->flags |= NODE_FL_CREF_PUSHED_BY_EVAL; } - if (rb_safe_level() >= 4) { - StringValue(src); - } - else { - SafeStringValue(src); - } + SafeStringValue(src); return eval_string_with_cref(self, src, Qnil, cref, file, line); } @@ -1573,12 +1559,7 @@ specific_eval(int argc, VALUE *argv, VAL https://github.com/ruby/ruby/blob/trunk/vm_eval.c#L1559 int line = 1; rb_check_arity(argc, 1, 3); - if (rb_safe_level() >= 4) { - StringValue(argv[0]); - } - else { - SafeStringValue(argv[0]); - } + SafeStringValue(argv[0]); if (argc > 2) line = NUM2INT(argv[2]); if (argc > 1) { Index: thread.c =================================================================== --- thread.c (revision 42607) +++ thread.c (revision 42608) @@ -541,10 +541,6 @@ thread_start_func_2(rb_thread_t *th, VAL https://github.com/ruby/ruby/blob/trunk/thread.c#L541 if (state == TAG_FATAL) { /* fatal error within this thread, need to stop whole script */ } - else if (th->safe_level >= 4) { - /* Ignore it. Main thread shouldn't be harmed from untrusted thread. */ - errinfo = Qnil; - } else if (rb_obj_is_kind_of(errinfo, rb_eSystemExit)) { /* exit on main_thread. */ } @@ -2176,8 +2172,6 @@ rb_thread_kill(VALUE thread) https://github.com/ruby/ruby/blob/trunk/thread.c#L2172 GetThreadPtr(thread, th); - if (th != GET_THREAD() && th->safe_level < 4) { - } if (th->to_kill || th->status == THREAD_KILLED) { return thread; } @@ -2741,9 +2735,6 @@ rb_thread_local_aref(VALUE thread, ID id https://github.com/ruby/ruby/blob/trunk/thread.c#L2735 st_data_t val; GetThreadPtr(thread, th); - if (rb_safe_level() >= 4 && th != GET_THREAD()) { - rb_raise(rb_eSecurityError, "Insecure: thread locals"); - } if (!th->local_storage) { return Qnil; } @@ -2827,9 +2818,6 @@ rb_thread_local_aset(VALUE thread, ID id https://github.com/ruby/ruby/blob/trunk/thread.c#L2818 rb_thread_t *th; GetThreadPtr(thread, th); - if (rb_safe_level() >= 4 && th != GET_THREAD()) { - rb_raise(rb_eSecurityError, "Insecure: can't modify thread locals"); - } if (OBJ_FROZEN(thread)) { rb_error_frozen("thread locals"); } @@ -2898,15 +2886,8 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/thread.c#L2886 rb_thread_variable_get(VALUE thread, VALUE key) { VALUE locals; - rb_thread_t *th; ID id = rb_check_id(&key); - GetThreadPtr(thread, th); - - if (rb_safe_level() >= 4 && th != GET_THREAD()) { - rb_raise(rb_eSecurityError, "Insecure: can't access thread locals"); - } - if (!id) return Qnil; locals = rb_ivar_get(thread, id_locals); return rb_hash_aref(locals, ID2SYM(id)); @@ -2925,13 +2906,7 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/thread.c#L2906 rb_thread_variable_set(VALUE thread, VALUE id, VALUE val) { VALUE locals; - rb_thread_t *th; - GetThreadPtr(thread, th); - - if (rb_safe_level() >= 4 && th != GET_THREAD()) { - rb_raise(rb_eSecurityError, "Insecure: can't modify thread locals"); - } if (OBJ_FROZEN(thread)) { rb_error_frozen("thread locals"); } Index: gc.c =================================================================== --- gc.c (revision 42607) +++ gc.c (revision 42608) @@ -4578,7 +4578,7 @@ rb_memerror(void) https://github.com/ruby/ruby/blob/trunk/gc.c#L4578 { rb_thread_t *th = GET_THREAD(); if (!nomem_error || - (rb_thread_raised_p(th, RAISED_NOMEMORY) && rb_safe_level() < 4)) { + rb_thread_raised_p(th, RAISED_NOMEMORY)) { fprintf(stderr, "[FATAL] failed to allocate memory\n"); exit(EXIT_FAILURE); } Index: hash.c =================================================================== --- hash.c (revision 42607) +++ hash.c (revision 42608) @@ -2714,10 +2714,6 @@ env_aset(VALUE obj, VALUE nm, VALUE val) https://github.com/ruby/ruby/blob/trunk/hash.c#L2714 { char *name, *value; - if (rb_safe_level() >= 4) { - rb_raise(rb_eSecurityError, "can't change environment variable"); - } - if (NIL_P(val)) { env_delete(obj, nm); return Qnil; Index: error.c =================================================================== --- error.c (revision 42607) +++ error.c (revision 42608) @@ -2030,10 +2030,6 @@ rb_check_frozen(VALUE obj) https://github.com/ruby/ruby/blob/trunk/error.c#L2030 void rb_error_untrusted(VALUE obj) { - if (rb_safe_level() >= 4) { - rb_raise(rb_eSecurityError, "Insecure: can't modify %s", - rb_obj_classname(obj)); - } } #undef rb_check_trusted Index: bin/erb =================================================================== --- bin/erb (revision 42607) +++ bin/erb (revision 42608) @@ -72,7 +72,7 @@ class ERB https://github.com/ruby/ruby/blob/trunk/bin/erb#L72 require ARGV.req_arg when '-S' # security level arg = ARGV.req_arg - raise "invalid safe_level #{arg.dump}" unless arg =~ /^[0-4]$/ + raise "invalid safe_level #{arg.dump}" unless arg =~ /^[0-3]$/ safe_level = arg.to_i when '-T' # trim mode arg = ARGV.req_arg @@ -105,7 +105,7 @@ class ERB https://github.com/ruby/ruby/blob/trunk/bin/erb#L105 -v enable verbose mode -d set $DEBUG to true -r library load a library - -S safe_level set $SAFE (0..4) + -S safe_level set $SAFE (0..3) -E ex[:in] set default external/internal encodings -U set default encoding to UTF-8. -T trim_mode specify trim_mode (0..2, -) Index: file.c =================================================================== --- file.c (revision 42607) +++ file.c (revision 42608) @@ -5428,10 +5428,6 @@ rb_find_file_ext_safe(VALUE *filep, cons https://github.com/ruby/ruby/blob/trunk/file.c#L5428 return 0; } - if (safe_level >= 4) { - rb_raise(rb_eSecurityError, "loading from non-absolute path %s", f); - } - RB_GC_GUARD(load_path) = rb_get_expanded_load_path(); if (!load_path) return 0; @@ -5493,10 +5489,6 @@ rb_find_file_safe(VALUE path, int safe_l https://github.com/ruby/ruby/blob/trunk/file.c#L5489 return path; } - if (safe_level >= 4) { - rb_raise(rb_eSecurityError, "loading from non-absolute path %s", f); - } - RB_GC_GUARD(load_path) = rb_get_expanded_load_path(); if (load_path) { long i; -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/