e$B$J$+$@$G$9!#e(B
-Te$B$r;XDj$7$F$be(B$:e$B$Ke(B"."e$B$,4^$^$l$F$$$^$9!#e(B
$ RUBYOPT=-T ruby18 -e ‘p $:.include?(".")’
false
$ RUBYOPT=-T ruby19 -e ‘p $:.include?(".")’
true
Index: ruby.c
— ruby.c (revision 20057)
+++ ruby.c (working copy)
@@ -77,4 +77,5 @@ struct cmdline_options {
int verbose;
int yydebug;
- int safe_level;
unsigned int setids;
unsigned int dump;
@@ -338,7 +339,15 @@ DllMain(HINSTANCE dll, DWORD reason, LPV
#endif
+void ruby_init_loadpath_safe(int safe_level);
+
void
ruby_init_loadpath(void)
{
- ruby_init_loadpath_safe(0);
+}
+void
+ruby_init_loadpath_safe(int safe_level)
+{
VALUE load_path;
#if defined LOAD_RELATIVE
@@ -385,5 +394,5 @@ ruby_init_loadpath(void)
load_path = GET_VM()->load_path;
- if (rb_safe_level() == 0) {
- if (safe_level == 0) {
ruby_incpush(getenv(“RUBYLIB”));
}
@@ -413,5 +422,5 @@ ruby_init_loadpath(void)
incpush(RUBY_RELATIVE(RUBY_ARCHLIB));
- if (rb_safe_level() == 0) {
- if (safe_level == 0) {
incpush(".");
}
@@ -875,5 +884,5 @@ proc_options(int argc, char **argv, stru
s += numlen;
}
- rb_set_safe_level(v);
- if (v > opt->safe_level) opt->safe_level = v;
}
goto reswitch;
@@ -1065,5 +1074,4 @@ process_options(VALUE arg)
char fbuf[MAXPATHLEN];
int i = proc_options(argc, argv, opt, 0);
-
int safe;
argc -= i;
@@ -1071,5 +1079,5 @@ process_options(VALUE arg)if (!(opt->disable & DISABLE_BIT(rubyopt)) &&
-
rb_safe_level() == 0 && (s = getenv(“RUBYOPT”))) {
- opt->safe_level == 0 && (s = getenv(“RUBYOPT”))) {
VALUE src_enc_name = opt->src.enc.name;
VALUE ext_enc_name = opt->ext.enc.name;
@@ -1094,5 +1102,5 @@ process_options(VALUE arg)
}
- if (rb_safe_level() >= 4) {
- if (opt->safe_level >= 4) {
OBJ_TAINT(rb_argv);
OBJ_TAINT(GET_VM()->load_path);
@@ -1134,8 +1142,6 @@ process_options(VALUE arg)
opt->script_name = rb_progname;
opt->script = RSTRING_PTR(opt->script_name);
-
safe = rb_safe_level();
-
rb_set_safe_level_force(0);
-
ruby_init_loadpath();
- ruby_init_loadpath_safe(opt->safe_level);
ruby_init_gems(!(opt->disable & DISABLE_BIT(gems)));
lenc = rb_locale_encoding();
@@ -1169,5 +1175,4 @@ process_options(VALUE arg)
process_sflag(opt);
-
rb_set_safe_level_force(safe);
if (opt->e_script) {
rb_encoding *eenc;
@@ -1203,5 +1208,5 @@ process_options(VALUE arg)
opt->xflag = 0; -
if (rb_safe_level() >= 4) {
-
if (opt->safe_level >= 4) {
FL_UNSET(rb_argv, FL_TAINT);
FL_UNSET(GET_VM()->load_path, FL_TAINT);
@@ -1229,4 +1234,6 @@ process_options(VALUE arg)
} -
rb_set_safe_level(opt->safe_level);
-
return iseq;
}
@@ -1532,5 +1539,5 @@ init_ids(struct cmdline_options *opt)
if (egid != gid) opt->setids |= 2;
if (uid && opt->setids) {
- rb_set_safe_level(1);
- if (opt->safe_level < 1) opt->safe_level = 1;
}
}
@@ -1544,5 +1551,5 @@ forbid_setid(const char *s, struct cmdli
if (opt->setids & 2)
rb_raise(rb_eSecurityError, “no %s allowed while running
setgid”, s);
- if (rb_safe_level() > 0)
-
if (opt->safe_level > 0)
rb_raise(rb_eSecurityError, “no %s allowed in tainted mode”,
s);
}
Index: test/ruby/test_rubyoptions.rb
===================================================================
— test/ruby/test_rubyoptions.rb (revision 20057)
+++ test/ruby/test_rubyoptions.rb (working copy)
@@ -200,4 +200,6 @@ class TestRubyOptions < Test::Unit::Test
assert_in_out_err([], “”, [], []) -
assert_in_out_err([’-e’, ‘p $:.include?(".")’], “”, [“true”], [])
-
ENV[‘RUBYOPT’] = ‘-e “p 1”’
assert_in_out_err([], “”, [], /invalid switch in RUBYOPT: -e
(RuntimeError)/)
@@ -206,4 +208,6 @@ class TestRubyOptions < Test::Unit::Test
assert_in_out_err([], “”, [], /no program input from stdin allowed
in tainted mode (SecurityError)/) -
assert_in_out_err([’-e’, ‘p $:.include?(".")’], “”, [“false”], [])
-
ENV[‘RUBYOPT’] = ‘-T4’
assert_in_out_err([], “”, [], /no program input from stdin allowed
in tainted mode (SecurityError)/)