Re: Strange safe level change

Eric H. wrote:

$SAFE is switched when you assign to it, never at any other time.

Is it so? Consider the following code:

puts RUBY_VERSION, RUBY_PLATFORM

class Test
  def show_safe
    puts $SAFE
  end
end

Test.new.show_safe
Test.new.method(:show_safe).taint.call

It produces:

:!ruby safe.rb
1.8.4
i686-linux
0
safe.rb:5:in `write': Insecure operation `write' at level 4
(SecurityError)
from safe.rb:5:in `show_safe'
from safe.rb:12

You have code like $SAFE = 4 in your program somewhere. Use grep to
find it.

Not necessarily. See above.

Typically $SAFE = 4 is only set in a spawned thread since it's so
strict it's rarely useful outside of sandboxing dangerous code.

Gennady.

On Jan 9, 2007, at 10:40, Gennady B. wrote:

i686-linux
0
safe.rb:5:in `write': Insecure operation `write' at level 4
(SecurityError)
from safe.rb:5:in `show_safe'
from safe.rb:12

Interesting.

You are right. From method_call:

 if (OBJ_TAINTED(method)) {
     safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED;
 }

$SAFE is only changed for the method invocation, it does not leak
into the surrounding process. puts $SAFE afterward shows the
original safe level.


Eric H. - [email protected] - http://blog.segment7.net

I LIT YOUR GEM ON FIRE!
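
The behaviour discussed in this thread, as an added example that is not part of either post and not Ruby's own code: a small model of a safe level that is raised to 4 only for the duration of a call through a tainted method object. $SAFE levels and tainting were removed in Ruby 3.x, so `SafeModel`, `InsecureOperation` and `replay` are hypothetical names, and restoring the level on the error path is an assumption of the model.

```ruby
# Model only: the safe level and the taint mark are plain values here
# (assumed names), not Ruby 1.8's $SAFE or Object#taint.
class SafeModel
  class InsecureOperation < StandardError; end

  attr_reader :level

  def initialize(level = 0)
    @level = level
  end

  # Stand-in for the write behind puts, which the thread shows refused at level 4.
  def write(text)
    raise InsecureOperation, "Insecure operation `write' at level #{@level}" if @level >= 4
    text.length
  end

  # Stand-in for Method#call: a tainted method object runs at level 4.
  # The previous level comes back afterwards; doing so in `ensure`
  # (the error path) is this model's assumption.
  def call(tainted:)
    saved = @level
    @level = [saved, 4].max if tainted
    yield self
  ensure
    @level = saved
  end
end

# Replays the two calls from safe.rb against the model and records each step.
def replay
  ctx = SafeModel.new(0)
  log = []
  log << [:untainted, ctx.call(tainted: false) { |c| c.write(c.level.to_s); c.level }]
  begin
    ctx.call(tainted: true) { |c| log << [:inside, c.level]; c.write(c.level.to_s) }
  rescue SafeModel::InsecureOperation => e
    log << [:error, e.message]
  end
  log << [:after, ctx.level] # level seen by the caller once the call has ended
  log
end

replay.each { |step, value| puts "#{step}: #{value}" } if __FILE__ == $PROGRAM_NAME
```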