e$B1sF#$H?=$7$^$9!#e(B
e$B0J2<$N5sF0$O0U?^E*$G$7$g$&$+!#e(B
$ RUBYOPT=-T4 ./ruby
./ruby: Insecure: can’t set constant (SecurityError)
$ ./ruby -v
ruby 1.9.0 (2008-04-15 revision 16040) [i686-linux]
e$B<B32$O$J$$5$$b$7$^$9$,!"$4Js9p$^$G!#e(B
e$B1sF#$H?=$7$^$9!#e(B
e$B0J2<$N5sF0$O0U?^E*$G$7$g$&$+!#e(B
$ RUBYOPT=-T4 ./ruby
./ruby: Insecure: can’t set constant (SecurityError)
$ ./ruby -v
ruby 1.9.0 (2008-04-15 revision 16040) [i686-linux]
e$B<B32$O$J$$5$$b$7$^$9$,!"$4Js9p$^$G!#e(B
e$B1sF#$G$9!#e(B
2008/04/16 0:00 Yusuke ENDOH [email protected]:
e$B0J2<$N5sF0$O0U?^E*$G$7$g$&$+!#e(B
$ RUBYOPT=-T4 ./ruby
./ruby: Insecure: can’t set constant (SecurityError)$ ./ruby -v
ruby 1.9.0 (2008-04-15 revision 16040) [i686-linux]
r16050 e$B$G=$@5$7$F$$$?$@$$$?$h$&$G$9$,!"$=$NI{:nMQ$Ge(B RUBYOPT=-T1
e$B$G$bI8=F~NO$+$i%W%m%0%i%
$rN.$79~$a$k$h$&$K$J$C$?$h$&$G$9!#e(B
$ RUBYOPT=-T1 ./ruby
p 1
1
$ ./ruby -v
ruby 1.9.0 (2008-04-16 revision 16050) [i686-linux]
1.8 e$B$G$Oe(B SecurityError e$B$K$J$j$^$9!#e(B
$ RUBYOPT=-T1 ruby
ruby: no program input from stdin allowed in tainted mode
(SecurityError)
$ ruby -v
ruby 1.8.5 (2006-08-25) [i486-linux]
e$B$J$+$@$G$9!#e(B
At Wed, 16 Apr 2008 12:49:39 +0900,
Yusuke ENDOH wrote in [ruby-dev:34421]:
r16050 e$B$G=$@5$7$F$$$?$@$$$?$h$&$G$9$,!"$=$NI{:nMQ$Ge(B RUBYOPT=-T1
e$B$G$bI8=F~NO$+$i%W%m%0%i%
$rN.$79~$a$k$h$&$K$J$C$?$h$&$G$9!#e(B$ RUBYOPT=-T1 ./ruby
p 1
1
encodinge$B$O>o$Ke(B$SAFE=0e$B$G%m!<%I$9$k$h$&$K$7$h$&$+$H$b;W$$$^$7$?$,!"e(B
e$B$=$N>l9g$ODL>o$N%i%$%V%i%j$H$OJ,$1$J$$$H$^$:$$$+$J$H$$$&5$$b$7$^e(B
e$B$9!#e(B
e$B$b$&0l$D9M$($?$N$,!“e(B-Te$B$N1F6A$re(B
process_optionse$B$NCf$KJD$8$F$7$^$Ce(B
e$B$F!”<B:]$Ke(B$SAFEe$B$K%;%C%H$9$k$N$O:G8e$K2s$9!"$H$$$&J}K!$G$9!#e(B
— parse.y (revision 16050)
+++ parse.y (working copy)
@@ -8691,4 +8691,24 @@ rb_gc_mark_parser(void)
NODE*
+rb_parser_add_prelude(VALUE vparser, NODE *node, NODE *prelude)
+{
— ruby.c (revision 16050)
+++ ruby.c (working copy)
@@ -84,4 +95,6 @@ struct cmdline_options {
int verbose;
int yydebug;
+static void init_ids(struct cmdline_options *);
+
+#define cmdline_options_init(opt) (MEMZERO((opt), *(opt), 1), \
init_ids(opt), \
(opt)->src.enc.index = src_encoding_index)
struct cmdline_arguments {
int argc;
@@ -102,5 +126,6 @@ struct cmdline_arguments {
static NODE *load_file(VALUE, const char *, int, struct cmdline_options
*);
-static void forbid_setid(const char *);
+static void forbid_setid(const char *, struct cmdline_options *);
+#define forbid_setid(s) forbid_setid(s, opt)
static struct {
@@ -328,5 +353,5 @@ DllMain(HINSTANCE dll, DWORD reason, LPV
void
-ruby_init_loadpath(void)
+ruby_init_loadpath_safe(int safe_level)
{
#if defined LOAD_RELATIVE
@@ -378,5 +404,5 @@ ruby_init_loadpath(void)
#define incpush(path) rb_ary_push(rb_load_path,
rubylib_mangled_path2(path))
+void
+ruby_init_loadpath(void)
+{
struct req_list {
@@ -793,5 +825,5 @@ proc_options(int argc, char **argv, stru
s += numlen;
}
static VALUE
@@ -949,8 +986,8 @@ process_options(VALUE arg)
NODE *tree = 0;
VALUE parser;
int safe;
argc -= i;
@@ -958,5 +995,5 @@ process_options(VALUE arg)
if (!(opt->disable & DISABLE_BIT(rubyopt)) &&
rb_safe_level() == 0 && (s = getenv(“RUBYOPT”))) {
rb_set_safe_level(v);
if (v > opt->safe_level) opt->safe_level = v;
}rb_set_safe_level_force(safe);
if (!tree) return Qfalse;
@@ -1099,5 +1133,5 @@ process_options(VALUE arg)
opt->xflag = 0;
if (rb_safe_level() >= 4) {
@@ -1274,6 +1318,5 @@ rb_load_file(const char *fname)
struct cmdline_options opt;
static void
-init_ids(void)
+init_ids(struct cmdline_options *opt)
{
+#undef forbid_setid
static void
-forbid_setid(const char *s)
+forbid_setid(const char *s, struct cmdline_options *opt)
{
init_ids();
rb_define_hooked_variable("$VERBOSE", &ruby_verbose, 0,
verbose_setter);
rb_define_hooked_variable("$-v", &ruby_verbose, 0, verbose_setter);
@@ -1497,5 +1539,5 @@ ruby_process_options(int argc, char **ar
NODE *tree;
MEMZERO(&opt, opt, 1);
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs