On Dec 18, 2007 9:11 AM, Christophe M. wrote:
marshaling, but then it would already have to exist in the running
executable, so at first glance it seems there is no danger, but just
I’d ask anyway.
You can set the $SAFE level of a Ruby script.
Any strings that come in from userland (stdin, sockets, pipes, etc.)
are tainted by default. When you set a higher safe level, Ruby
restricts what can be done with those tainted strings. Read the link
above – it’s a chapter from the Programming Ruby book (the pick-axe)
– and it goes into much more detail than I could ever hope to type