e$BA0ED$G$9!#e(B
e$BEDCf$5$s$K2q$&$?$S$K=q$1$H8@$o$l$k$N$G!“e(B$SAFEe$B$^$o$j$N%I%-%e%a%s%H$NC!$-Bf$re(B
e$B:n$C$F$$^$7$?!#e(B
e$B6X;$5$l$kA`:n$N0lMw$O%j%U%!%l%s%9%^%K%e%”%k$+$i<h$C$FMh$^$7$?$N$G!"<BAu$H$Oe(B
e$BP*N%$,$"$k$+$b$7$l$^$;$s!#e(B
e$B$H$j$"$($:$O!"C!$-Bf$H$$$&$3$H$G!D!#e(B
= Rubye$B%;%-%e%j%F%#%b%G%ke(B
Rubye$B$N%;%-%e%j%F%#%b%G%k$O!"0J2<$Ne(B2e$B$D$N0[$J$kL\E*$N$?$a$KDs6!$5$l$F$$$k!#e(B
: e$B30It$N;q8;$NJ]8ne(B
e$B%W%m%0%i%`30It$+$i$NF~NO%G!<%?$K$h$C$F!"%W%m%0%i%`30It$N;q8;$KBP$9e(B
e$B$k!"%W%m%0%i%^$N0U?^$KH?$7$?A`:n$,9T$o$l$k$3$H$rKI$0$?$a!#$?$H$($P!"e(B
Webe$B%"%W%j%1!<%7%g%s$KBP$7$FIT@5$J%/%(%jJ8;zNs$,M?$($i$l$?>l9g$K!"$=e(B
e$B$NJ8;zNs$r85$K%U%!%$%kA`:n$d30It%3%^%s%I$N<B9T$J$I$NA`:n$,9T$o$l$ke(B
e$B$h$&$J4m81@-$+$i!"%W%m%0%i%`30It$N;q8;$rJ]8n$9$k$3$H$rA[Dj$7$F$$$k!#e(B
: e$B?.Mj$5$l$F$$$J$$%3!<%I$N<B9Te(B
e$B?.Mj$5$l$F$$$J$$%3!<%I$r!"B>$N%G!<%?$+$i3VN%$5$l$?4D6-e(B(e$B%5%s%I%\%C%/e(B
e$B%9e(B)e$BFb$G0BA4$K<B9T$9$k$?$a!#e(B
e$B$?$@$7!"8=:_$Ne(BRubye$B$N<BAu$G$O!"$3$N5!G=$O40A4$G$O$J$$!#>\:Y$K$D$$$Fe(B
e$B$O!V%;!<%U%l%Y%ke(B4e$B$NLdBjE@!W$r;2>H!#e(B
== e$B%*%V%8%’%/%H$N%U%i%0e(B
Rubye$B$N%*%V%8%’%/%H$O!"e(Btaintede$B$He(Buntrustede$B$H8F$P$l$ke(B2e$B$D$N%U%i%0$r;}$D!#e(B
=== tainted
taintede$B$O!"%%V%8%’%/%H$,1x@w$5$l$F$$$k$H$$$&>uBV$rI=$9%U%i%0$G$"$j!"30e(B
e$BIt$N;q8;$NJ]8n$N$?$a$KMxMQ$5$l$k!#e(Btaintede$B%U%i%0$,@_Dj$5$l$?%%V%8%’%/%He(B
e$B$r!V1x@w$5$l$?%%V%8%’%/%H!W!"@_Dj$5$l$F$$$J$$%%V%8%’%/%H$r!V1x@w$5$le(B
e$B$F$$$J$$!W$H8F$V!#e(B
e$B$3$N%U%i%0$O0J2<$N$h$&$J>l9g$K@_Dj$5$l$k!#e(B
e$B%*%V%8%’%/%H$,!"30It$+$i$NF~NOe(B(IOe$B!&%3%^%s%I%i%$%s0z?t!&4D6-JQ?t$J$Ie(B)
e$B$r85$K@8@.$5$l$?>l9g!#4D6-JQ?te(BPATHe$B$@$1$ONc30$G!"CM$K4m81$J%Q%9$r4^$`e(B
e$B>l9g$N$1x@w$5$l$k!#$3$3$G$O4m81$J%Q%9$H$OC/$G$bJQ99!&=q$-9~$$,2DG=e(B
e$B$J%Q%9$r$$$&!#%k!<%H%G%#%l%/%H%j$+$i3,AX$,=gHV$K%A%’%C%/$5$l!“0l2U=je(B
e$B$G$bC/$G$bJQ992DG=$J8D=j$,$”$l$P$=$N%Q%9$O4m81$H$_$J$5$l$k!#e(B
- e$B%*%V%8%’%/%H$,!"%;!<%U%l%Y%ke(B3e$B0J>e$G@8@.$5$l$?>l9g!#e(B
- e$B%%V%8%’%/%H$,!"B>$N1x@w$5$l$?%%V%8%’%/%H$r85$K@8@.$5$l$?>l9g!#e(B
- Object#tainte$B%a%=%C%I$K$h$C$FL@<(E*$K@_Dj$5$l$?>l9g!#e(B
e$B$^$?!"e(BObject#untainte$B%a%=%C%I$K$h$C$F%U%i%0$r=|5n$9$k$3$H$,$G$-$k!#e(B
taintede$B%U%i%0$,@_Dj$5$l$F$$$k$+$I$&$+$O!“e(BObject#tainted?e$B%a%=%C%I$K$h$Ce(B
e$B$F8!::$9$k$3$H$,$G$-$k!#e(BObject#tainted?e$B$O!”%U%i%0$,@_Dj$5$l$F$$$k>l9g$Ke(B
truee$B$r!"@_Dj$5$l$F$$$J$$>l9g$Ke(Bfalsee$B$rJV$9!#e(B
=== untrusted
untrustede$B$O!"%%V%8%’%/%H$,?.Mj$5$l$F$$$J$$%3!<%I$K$h$C$F@8@.$5$l$?$H$$$&>ue(B
e$BBV$rI=$9%U%i%0$G$"$j!"?.Mj$5$l$F$$$J$$%3!<%I$r%5%s%I%%C%/%9Fb$G0BA4$K<B9Te(B
e$B$9$k$?$a$KMxMQ$5$l$k!#e(Buntrustede$B%U%i%0$,@_Dj$5$l$?%%V%8%’%/%H$r!V?.Mj$5e(B
e$B$l$F$$$J$$%%V%8%’%/%H!W!"@_Dj$5$l$F$$$J$$%%V%8%’%/%H$r!V?.Mj$5$l$?%*e(B
e$B%V%8%’%/%H!W$H8F$V!#e(B
e$B$3$N%U%i%0$O0J2<$N$h$&$J>l9g$K@_Dj$5$l$k!#e(B
- e$B%*%V%8%’%/%H$,!"%;!<%U%l%Y%ke(B3e$B0J>e$G@8@.$5$l$?>l9ge(B
e$B%%V%8%’%/%H$,!"B>$N?.Mj$5$l$F$$$J$$%%V%8%’%/%H$r85$K@8@.$5$l$?>l9ge(B
- Object#untruste$B%a%=%C%I$K$h$C$FL@<(E*$K%U%i%0$r@_Dj$5$l$?>l9ge(B
e$B$^$?!"e(BObject#truste$B%a%=%C%I$K$h$C$F%U%i%0$r=|5n$9$k$3$H$,$G$-$k!#e(B
untrustede$B%U%i%0$,@_Dj$5$l$F$$$k$+$I$&$+$O!“e(BObject#untrusted?e$B%a%=%C%I$Ke(B
e$B$h$C$F8!::$9$k$3$H$,$G$-$k!#e(BObject#untrusted?e$B$O!”%U%i%0$,@_Dj$5$l$F$$$ke(B
e$B>l9g$Ke(Btruee$B$r!"@_Dj$5$l$F$$$J$$>l9g$Ke(Bfalsee$B$rJV$9!#e(B
== e$B%;!<%U%l%Y%ke(B
Rubye$B$N%;%-%e%j%F%#%A%’%C%/5!G=$O!"%;!<%U%l%Y%k$K$h$C$F@)8f$5$l$k!#%;!<e(B
e$B%U%l%Y%k$O%9%l%C%I%m!<%+%kJQ?te(B$SAFEe$B$G@_Dj$9$k!#%9%l%C%I$,:n@.$5$l$?>l9ge(B
e$B$O!"?F%9%l%C%I$Ne(B$SAFEe$B$NCM$r0z$-7Q$0!#e(B
e$B%G%U%)%k%H$G$O!"%;!<%U%l%Y%k$Oe(B0e$B$G$"$k!#%;!<%U%l%Y%k$O!"e(BRubye$B$N5/F0%*%W%7%ge(B
e$B%se(B-Te$B$G@_Dj$9$k$3$H$,$G$-$k!#e(B
$SAFE e$B$NCM$r8=:_$NCM$h$j>.$5$/JQ99$9$k;v$O$G$-$J$$!#e(B
$ ruby -e ‘$SAFE = 1; $SAFE = 0’
-e:1:in `’: tried to downgrade safe level from 1 to 0
(SecurityError)
Proce$B%%V%8%’%/%H$N%V%m%C%/Fb$Ge(B$SAFEe$B$NCM$,@_Dj$5$l$?>l9g$O!"e(BProce$B%%V%8%'e(B
e$B%/%H$N<B9T=*N;8e$Ke(B$SAFEe$B$NCM$O<B9TA0$N>uBV$KLa$5$l$k!#e(B
$ ruby -e ‘lambda { $SAFE = 1 }.call; p $SAFE’
0
e$B3F%;!<%U%l%Y%k$G$O!"0J2<$N$h$&$J%A%’%C%/$,9T$o$l!"6X;_$5$l$?A`:n$,<B9Te(B
e$B$5$l$?>l9g$K$Oe(BSecurityErrore$BNc30$,H/@8$9$k!#e(B
=== e$B%l%Y%ke(B0
e$B%G%U%)%k%H$N%;!<%U%l%Y%k!#e(B
==== e$B6X;_$5$l$kA`:ne(B
e$B%l%Y%ke(B0e$B$G$O!"6X;_$5$l$kA`:n$O2?$b$J$$!#e(B
=== e$B%l%Y%ke(B1
e$B%l%Y%ke(B1e$B$G$O!"%W%m%0%i%30It$+$i$NF~NO%G!<%?$K$h$C$F!"%W%m%0%i%30It$N;qe(B
e$B8;$KBP$9$k!"%W%m%0%i%^$N0U?^$KH?$7$?A`:n$,9T$o$l$k$3$H$rKI$0$?$a!#e(B
==== e$B6X;_$5$l$kA`:ne(B
- e$B1x@w$5$l$?J8;zNs$r0z?t$H$7$?0J2<$NA`:ne(B
-
Dir, IO, Filee$B!“e(BFileTeste$B$N%/%i%9%a%=%C%I!”%a%=%C%Ie(B
$ ruby -e ‘$SAFE = 1; open(ARGV[0])’ hoge
-e:1:ininitialize': Insecure operation - initialize (SecurityError) from -e:1:inopen’
from -e:1 -
e$B%U%!%$%k%F%9%H1i;;;R$N;HMQ!"%U%!%$%k$N99?7;~9oHf3Se(B
-
e$B30It%3%^%s%I<B9Te(B(system, exec, ``)
-
eval (e$B%l%Y%ke(B4e$B$N@bL@$b;2>He(B)
-
e$B%H%C%W%l%Y%k$X$Ne(Bload(e$BBhFs0z?t$r;XDj$7$F%i%C%W$9$l$P<B9T2DG=e(B)
- require
- trap
- e$B30It$N;q8;$KBP$9$k$=$NB>$NA`:ne(B
e$B30It%3%^%s%I<B9Te(B(e$B4D6-JQ?te(BPATHe$B$K4m81$J%Q%9$r4^$s$G$$$k>l9g$N$_e(B)
=== e$B%l%Y%ke(B2
==== e$B6X;_$5$l$kA`:ne(B
e$B%l%Y%ke(B1e$B$G6X;$5$l$kA:n$K2C$($F!"0J2<$NA:n$,6X;$5$l$k!#e(B
- Dir.chdir Dir.chroot Dir.mkdir Dir.rmdir
- File.chown File.chmod File.umask File.truncate File#lstat File#chmod
File#chown File#delete File#unlink File#truncate File#flock
e$B$*$h$Se(BFileTeste$B%b%8%e!<%k$N%a%=%C%Ie(B - IO#ioctl, IO#fcntl
- Process.fork Process.setpgid Process.setsid Process.setpriority
Process.egid= Process.kill - e$B4m81$J%Q%9$+$i$Ne(Bload
- e$B1x@w$5$l$?J8;zNs$r0z?t$K$7$F$Ne(Bload(e$B%i%C%W$5$l$F$$$F$be(B)
- syscall
- exit!
- trap
=== e$B%l%Y%ke(B3
e$B%l%Y%ke(B3e$B$O!"?.Mj$5$l$F$$$J$$%3!<%I$r<B9T$9$k$?$a$N4D6-$r:n@.$9$k$?$a$KMxe(B
e$BMQ$5$l$k!#%l%Y%ke(B3e$B$G@8@.$5$l$k%%V%8%’%/%H$K$O!"e(Btaintede$B$$h$Se(Buntrustede$B%Ue(B
e$B%i%0$,@_Dj$5$l$k!#e(B
==== e$B6X;_$5$l$kA`:ne(B
e$B%l%Y%ke(B2e$B$G6X;$5$l$kA:n$K2C$($F!"0J2<$NA:n$,6X;$5$l$k!#e(B
- Object#untaint
- Object#trust
=== e$B%l%Y%ke(B4
e$B%l%Y%ke(B4e$B$O!"?.Mj$5$l$F$$$J$$%3!<%I$r<B9T$9$k$?$a$KMxMQ$5$l$k!#$?$@$7!"$3e(B
e$B$N5!G=$O40A4$G$O$J$$!#>:Y$K$D$$$F$O!"!V%;!<%U%l%Y%ke(B4e$B$NLdBjE@!W$r;2>H!#e(B
e$B$3$N%l%Y%k$G$O!"4m81$JA`:n$,$9$Y$F6X;$5$l$F$$$k$?$a!"%l%Y%ke(B3e$B$G$O6X;$5e(B
e$B$l$F$$$k!V1x@w$5$l$?J8;zNs$Ne(Bevale$B!W$,5v2D$5$l$F$$$k!#e(B
==== e$B6X;_$5$l$kA`:ne(B
e$B%l%Y%ke(B3e$B$G6X;$5$l$kA:ne(B(evale$B$O=|$/e(B)e$B$K2C$($F!"0J2<$NA:n$,6X;$5$l$k!#e(B
- Object#taint
- Object#untrust
- e$B%H%C%W%l%Y%k$NDj5A$NJQ99e(B(autoload, load, include)
- e$B4{B8$N%a%=%C%I$N:FDj5Ae(B
- Objecte$B%/%i%9$NDj5A$NJQ99e(B
- e$B?.Mj$5$l$?%/%i%9$d%b%8%e!<%k$NDj5A$NJQ99e(B
e$B$*$h$S%/%i%9JQ?t$NJQ99e(B - e$B?.Mj$5$l$?%*%V%8%’%/%H$N>uBV$NJQ99e(B
- e$B%0%m!<%P%kJQ?t$NJQ99e(B
- e$B?.Mj$5$l$?e(BIOe$B$de(BFilee$B$r;HMQ$9$k=hM}e(B
- IOe$B$X$N=PNOe(B
- e$B%W%m%0%i%`$N=*N;e(B(exit, abort) (e$B$J$*e(Bout of
memorye$B$G$be(Bfatale$B$K$J$i$J$$e(B) - e$BB>$N%9%l%C%I$K1F6A$,=P$ke(BThreade$B%/%i%9$NA`:ne(B
e$B$*$h$SB>$N%9%l%C%I$Ne(BThread#[] - ObjectSpace._id2ref
- ObjectSpace.each_object
- e$B4D6-JQ?t$NJQ99e(B
- srand
- e$B30It$N;q8;$KBP$9$k$=$NB>$NA`:ne(B
== untainte$B$K$D$$$F$N;X?Ke(B
=== e$B%"%W%j%1!<%7%g%s$K$*$1$ke(Buntaint
e$B%;!<%U%l%Y%ke(B1e$B0J>e$G!“1x@w$5$l$?%*%V%8%’%/%H$K$h$C$F30It$N;q8;$NA`:n$r9Te(B
e$B$&I,MW$,$”$k>l9g$K$O!“e(BObject#untainte$B$K$h$C$Fe(Btaintede$B%U%i%0$r=|5n$9$kI,MWe(B
e$B$,$”$k!#e(B
e$B$?$@$7!“e(Buntainte$B$r9T$&A0$K$O!”$=$N%%V%8%’%/%H$rMxMQ$7$FEv3:A`:n$r9T$C$Fe(B
e$B$bLdBj$J$$$3$H$N%A%’%C%/$r%%V%8%’%/%H$KBP$7$F9T$&$Y$-$G$"$k!#e(B
=== e$B%i%$%V%i%j$K$*$1$ke(Buntaint
e$B%a%=%C%I$N0z?t$J$I$G%f!<%6$+$iM?$($i$l$?%G!<%?$,1x@w$5$l$?%*%V%8%’%/%He(B
e$B$G$J$$>l9g$O!"%f!<%6$,;XDj$7$?A`:n$N<B9T$r0U?^$7$F$$$k$HH=CG$7!"=hM}$Ne(B
e$B<B9T$KI,MW$JFbIt%G!<%?$Ne(Buntainte$B$O!"%i%$%V%i%jB&$G9T$&$3$H$,K>$^$7$$!#e(B
e$B%i%$%V%i%jFbIt$G@8@.$5$l$k%*%V%8%’%/%H$K$D$$$F$O!"%i%$%V%i%j$N%f!<%6B&e(B
e$B$+$ie(Buntainte$B$9$k$3$H$,$G$-$J$$$?$a!">e5-$N$h$&$Je(Buntainte$B$r9T$o$J$$$H!"$=e(B
e$B$N%i%$%V%i%j$r%;!<%U%l%Y%ke(B1e$B0J>e$G$OMxMQ$9$k$3$H$,$G$-$J$$$?$a$G$"$k!#e(B
== e$B3HD%%i%$%V%i%j$N:n@.;X?Ke(B
e$B3HD%%i%$%V%i%j$N:n@.$N:]$K$O!“0J2<$NE@$KCm0U$9$kI,MW$,$”$k!#e(B
=== e$B%;!<%U%l%Y%ke(B4e$B$K$*$1$kA`:n$N6X;_e(B
e$B%;!<%U%l%Y%ke(B4e$B$G$O!"30It$N;q8;$KBP$9$kA:n$r6X;_$9$Y$-$G$"$k!#A:n$N6X;_e(B
e$B$K$O!"e(Brb_secure()e$B$rMxMQ$9$k!#e(B
static VALUE
readline_readline(int argc, VALUE *argv, VALUE self)
{
…
rb_secure(4);
=== e$B30It$+$i$NF~NO$Ne(Btaint
e$B%G!<%?%Y!<%9$+$i$N%G!<%?$NFI$9~$;~$J$I!“30It$+$i$NF~NO$r85$K%%V%8%'e(B
e$B%/%H$r@8@.$9$k>l9g$O!"@8@.$5$l$?%%V%8%’%/%H$re(BOBJ_TAINT()e$B$K$h$je(Btainte$B$9e(B
e$B$Y$-$G$”$k!#e(B
e$BJ8;zNs$N@8@.;~$K$O!"D>@\e(BOBJ_TAINT()e$B$r8F$S=P$9Be$j$K!"e(B
rb_tainted_str_new()e$B$de(Brb_tainted_str_new_cstr()e$B$rMxMQ$9$k$3$H$b$G$-$k!#e(B
== e$B%;!<%U%l%Y%ke(B4e$B$NLdBjE@e(B
e$B8=:_$N%;!<%U%l%Y%ke(B4e$B$N<BAu$O<!$N$h$&$JLdBj$r;}$C$F$*$j!"40A4$G$O$J$$!#e(B
e$BL58B%k!<%W$d%9%?%C%/%*!<%P!<%U%m!<$N8!=P$J$I$r9T$o$J$$$?$a!“e(BDoSe$B>uBV$,e(B
e$B0z$-5/$3$5$l$k2DG=@-$,$”$k!#e(B
*
e$B3HD%%i%$%V%i%j$J$I$K$D$$$F$O!"%;!<%U%l%Y%k$N%A%’%C%/$r9T$C$F$$$J$$$be(B
e$B$N$,$"$k$?$a!“30It$N;q8;$KBP$9$kA`:n$r<B9T$5$l$k2DG=@-$,$”$k!#e(B