ruby-changes:8533
From: nobu <ko1@a...>
Date: Fri, 31 Oct 2008 08:17:54 +0900 (JST)
Subject: [ruby-changes:8533] Ruby:r20067 (trunk): * ruby.c (process_options): delays setting safe level.
nobu 2008-10-31 08:16:16 +0900 (Fri, 31 Oct 2008) New Revision: 20067 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=20067 Log: * ruby.c (process_options): delays setting safe level. [ruby-dev:36997] Modified files: trunk/ChangeLog trunk/ruby.c trunk/test/ruby/test_rubyoptions.rb trunk/version.h Index: ChangeLog =================================================================== --- ChangeLog (revision 20066) +++ ChangeLog (revision 20067) @@ -1,3 +1,8 @@ +Fri Oct 31 08:16:14 2008 Nobuyoshi Nakada <nobu@r...> + + * ruby.c (process_options): delays setting safe level. + [ruby-dev:36997] + Thu Oct 30 21:32:15 2008 Yusuke Endoh <mame@t...> * array.c (rb_ary_permutation): hide temporal array. Index: version.h =================================================================== --- version.h (revision 20066) +++ version.h (revision 20067) @@ -1,7 +1,7 @@ #define RUBY_VERSION "1.9.0" -#define RUBY_RELEASE_DATE "2008-10-30" +#define RUBY_RELEASE_DATE "2008-10-31" #define RUBY_VERSION_CODE 190 -#define RUBY_RELEASE_CODE 20081030 +#define RUBY_RELEASE_CODE 20081031 #define RUBY_PATCHLEVEL 0 #define RUBY_VERSION_MAJOR 1 @@ -9,7 +9,7 @@ #define RUBY_VERSION_TEENY 0 #define RUBY_RELEASE_YEAR 2008 #define RUBY_RELEASE_MONTH 10 -#define RUBY_RELEASE_DAY 30 +#define RUBY_RELEASE_DAY 31 #ifdef RUBY_EXTERN RUBY_EXTERN const char ruby_version[]; Index: ruby.c =================================================================== --- ruby.c (revision 20066) +++ ruby.c (revision 20067) @@ -76,6 +76,7 @@ unsigned int disable; int verbose; int yydebug; + int safe_level; unsigned int setids; unsigned int dump; const char *script; @@ -337,9 +338,17 @@ } #endif +void ruby_init_loadpath_safe(int safe_level); + void ruby_init_loadpath(void) { + ruby_init_loadpath_safe(0); +} + +void +ruby_init_loadpath_safe(int safe_level) +{ VALUE load_path; #if defined LOAD_RELATIVE char libpath[MAXPATHLEN + 1]; @@ -384,7 +393,7 @@ #define incpush(path) rb_ary_push(load_path, rubylib_mangled_path2(path)) load_path = GET_VM()->load_path; - if (rb_safe_level() == 0) { + if (safe_level == 0) { ruby_incpush(getenv("RUBYLIB")); } @@ -412,7 +421,7 @@ #endif incpush(RUBY_RELATIVE(RUBY_ARCHLIB)); - if (rb_safe_level() == 0) { + if (safe_level == 0) { incpush("."); } } @@ -874,7 +883,7 @@ v = 1; s += numlen; } - rb_set_safe_level(v); + if (v > opt->safe_level) opt->safe_level = v; } goto reswitch; @@ -1064,13 +1073,12 @@ const char *s; char fbuf[MAXPATHLEN]; int i = proc_options(argc, argv, opt, 0); - int safe; argc -= i; argv += i; if (!(opt->disable & DISABLE_BIT(rubyopt)) && - rb_safe_level() == 0 && (s = getenv("RUBYOPT"))) { + opt->safe_level == 0 && (s = getenv("RUBYOPT"))) { VALUE src_enc_name = opt->src.enc.name; VALUE ext_enc_name = opt->ext.enc.name; VALUE int_enc_name = opt->intern.enc.name; @@ -1093,7 +1101,7 @@ ruby_show_copyright(); } - if (rb_safe_level() >= 4) { + if (opt->safe_level >= 4) { OBJ_TAINT(rb_argv); OBJ_TAINT(GET_VM()->load_path); } @@ -1133,10 +1141,8 @@ #endif opt->script_name = rb_progname; opt->script = RSTRING_PTR(opt->script_name); - safe = rb_safe_level(); - rb_set_safe_level_force(0); - ruby_init_loadpath(); + ruby_init_loadpath_safe(opt->safe_level); ruby_init_gems(!(opt->disable & DISABLE_BIT(gems))); lenc = rb_locale_encoding(); rb_enc_associate(rb_progname, lenc); @@ -1168,7 +1174,6 @@ ruby_set_argv(argc, argv); process_sflag(opt); - rb_set_safe_level_force(safe); if (opt->e_script) { rb_encoding *eenc; if (opt->src.enc.index >= 0) { @@ -1202,7 +1207,7 @@ process_sflag(opt); opt->xflag = 0; - if (rb_safe_level() >= 4) { + if (opt->safe_level >= 4) { FL_UNSET(rb_argv, FL_TAINT); FL_UNSET(GET_VM()->load_path, FL_TAINT); } @@ -1228,6 +1233,8 @@ return Qtrue; } + rb_set_safe_level(opt->safe_level); + return iseq; } @@ -1531,7 +1538,7 @@ if (uid != euid) opt->setids |= 1; if (egid != gid) opt->setids |= 2; if (uid && opt->setids) { - rb_set_safe_level(1); + if (opt->safe_level < 1) opt->safe_level = 1; } } @@ -1543,7 +1550,7 @@ rb_raise(rb_eSecurityError, "no %s allowed while running setuid", s); if (opt->setids & 2) rb_raise(rb_eSecurityError, "no %s allowed while running setgid", s); - if (rb_safe_level() > 0) + if (opt->safe_level > 0) rb_raise(rb_eSecurityError, "no %s allowed in tainted mode", s); } Index: test/ruby/test_rubyoptions.rb =================================================================== --- test/ruby/test_rubyoptions.rb (revision 20066) +++ test/ruby/test_rubyoptions.rb (revision 20067) @@ -199,12 +199,16 @@ ENV['RUBYOPT'] = ' - -' assert_in_out_err([], "", [], []) + assert_in_out_err(['-e', 'p $:.include?(".")'], "", ["true"], []) + ENV['RUBYOPT'] = '-e "p 1"' assert_in_out_err([], "", [], /invalid switch in RUBYOPT: -e \(RuntimeError\)/) ENV['RUBYOPT'] = '-T1' assert_in_out_err([], "", [], /no program input from stdin allowed in tainted mode \(SecurityError\)/) + assert_in_out_err(['-e', 'p $:.include?(".")'], "", ["false"], []) + ENV['RUBYOPT'] = '-T4' assert_in_out_err([], "", [], /no program input from stdin allowed in tainted mode \(SecurityError\)/) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/