[#55222] [ruby-trunk - Feature #8468][Feedback] Remove $SAFE — "shugo (Shugo Maeda)" <redmine@...>

20 messages 2013/06/01

[#55260] [ruby-trunk - Feature #8478][Open] The hash returned by Enumerable#group_by should have an empty array for its default value — "phiggins (Pete Higgins)" <pete@...>

8 messages 2013/06/02

[#55276] Re: [ruby-changes:28951] zzak:r41003 (trunk): * process.c: Improve Process::exec documentation — Tanaka Akira <akr@...>

2013/5/31 zzak <ko1@atdot.net>:

9 messages 2013/06/03

[#55306] [ruby-trunk - Feature #8490][Open] Bring ActiveSupport Enumerable#index_by to core — "rosenfeld (Rodrigo Rosenfeld Rosas)" <rr.rosas@...>

12 messages 2013/06/04

[#55330] [ruby-trunk - Feature #8499][Assigned] Importing Hash#slice, Hash#slice!, Hash#except, and Hash#except! from ActiveSupport — "mrkn (Kenta Murata)" <muraken@...>

30 messages 2013/06/06

[#55391] [ruby-trunk - Bug #8507][Open] Keyword splat does not convert arg to Hash — "stephencelis (Stephen Celis)" <stephen.celis@...>

16 messages 2013/06/09

[#55393] [ruby-trunk - Bug #8508][Open] Invalid byte sequence in UTF-8 (ArgumentError) in win32/registry.rb — "thasmo (Thomas Deinhamer)" <thasmo@...>

11 messages 2013/06/09

[#55528] [ruby-trunk - Bug #8538][Open] c method not pushed into the callstack when called, but popped when returned — deivid (David Rodríguez) <deivid.rodriguez@...>

9 messages 2013/06/17

[#55557] [ruby-trunk - misc #8543][Open] rb_iseq_load — "alvoskov (Alexey Voskov)" <alvoskov@...>

47 messages 2013/06/19

[#55558] [ruby-trunk - Feature #8544][Open] OpenURI should open 'file://' URIs — "silasdavis (Silas Davis)" <ruby-lang@...>

12 messages 2013/06/19

[#55580] [CommonRuby - Feature #8556][Open] MutexedDelegator as a trivial way to make an object thread-safe — "headius (Charles Nutter)" <headius@...>

19 messages 2013/06/21

[#55596] [ruby-trunk - Feature #8563][Open] Instance variable arguments — "sawa (Tsuyoshi Sawada)" <sawadatsuyoshi@...>

18 messages 2013/06/22

[#55638] [CommonRuby - Feature #8568][Open] Introduce RbConfig value for native word size, to avoid Fixnum#size use — "headius (Charles Nutter)" <headius@...>

18 messages 2013/06/24

[#55678] [ruby-trunk - Feature #8572][Open] Fiber should be a Enumerable — "mattn (Yasuhiro Matsumoto)" <mattn.jp@...>

13 messages 2013/06/28

[#55699] [ruby-trunk - Feature #8579][Open] Frozen string syntax — "charliesome (Charlie Somerville)" <charliesome@...>

20 messages 2013/06/29

[#55708] [ruby-trunk - Bug #8584][Assigned] Remove curses — "shugo (Shugo Maeda)" <redmine@...>

17 messages 2013/06/30

[ruby-core:55224] [ruby-trunk - Feature #8468] Remove $SAFE

From: "Student (Nathan Zook)" <blogger@...>
Date: 2013-06-01 03:38:12 UTC
List: ruby-core #55224
Issue #8468 has been updated by Student (Nathan Zook).


One wonders where everyone has been for the last five months.  The entire Rails security fiasco would have been avoided if DHH had seen fit to write Rails with $SAFE = 1.  This is one thing that the Perl community got right almost immediately which so far seems to have completely evaded the Ruby community.  External data is NOT to be trusted, and $SAFE = 0 is only appropriate for script which are ENTIRELY isolated from the outside.

Yes, there is the hole with symbols, but since symbol creation with outside data is a memory leak anyway, the correct thing to do would be to forbid interning of tainted strings if $SAFE >= 1.

Now, if you have a superior solution to $SAFE, I am all ears--especially since the community hasn't seen fit to understand and use it.

----------------------------------------
Feature #8468: Remove $SAFE
https://bugs.ruby-lang.org/issues/8468#change-39585

Author: shugo (Shugo Maeda)
Status: Feedback
Priority: Normal
Assignee: shugo (Shugo Maeda)
Category: core
Target version: current: 2.1.0


Yesterday, at GitHub Tokyo drinkup (thanks, GitHub!), Matz agreed to remove the $SAFE == 4 feature from Ruby 2.1.
Shibata-san, a developer of tDiary, which is the only application using $SAFE == 4, also agreed to remove it, so today is a good day to say goodbye to $SAFE (at least level 4).

Furthermore, I'm wondering whether $SAFE should be removed entirely, or not.
Is there anyone using $SAFE?


-- 
http://bugs.ruby-lang.org/

In This Thread