Ruby1.9 での $SAFE==4 での動作の仕様変更について

e$B1J0f!wCNG=!%6e9)Bg$G$9!%e(B

e$BI8Bj$N7o$K$D$$$F$G$9$+!$$I$3$+$K$^$H$a$i$l$?>pJs$H$+$O$J$$$G$7$g$&$+!)e(B

e$B$H$j$"$($:8=>u$G!$e(Brb_str_intern e$B$N;EMMJQ99$Ge(B
SecurityError e$B$r=P$9$h$&$K$J$C$F:$$C$F$^$9!%e(B
e$BB>$K$b;EMMJQ99$,$"$k$J$i$=$l$K9g$o$;$?BP:v$,I,MW$K$J$j$=$&$G$9$N$G!$e(B
e$B>pJse(B ([email protected]}[email protected]!W$H$$$&>pJs$r4^$`e(B)
e$B$r8fB8CN$NJ}$,$"$j$^$7$?$ie(B
e$B65$([email protected]$1$J$$$G$7$g$&$+!%e(B

rb_str_intern e$B$N;EMMJQ99$N7o$O!$e(B
1.8 e$B$K$OB8:_$7$?e(B !rb_sym_interned_p(str)
e$B$N%A%%C%/$,>C$($?$?$a!$e(B
e$BEO$5$l$?J8;zNs$r%A%%C%/$7$Fe(B send
e$B$GAw$k$h$&$K$7$F$$$?$b$N$,e(B
e$BF0$+$J$/$J$C$?e(B (Insecure: cant intern tainted string)
e$B$H$$$&$b$N$G$9!%e(B

e$B$3$N;EMMJQ99$OI,[email protected]$C$?$N$G$7$g$&$+!)e(B
symbol e$B$,e(B GC e$B$5$l$J$$$?$a$KEPO?$5$l$ke(B symbol e$B$NNL$re(B
e$BGzH/$5$;$J$$$?$a$H$$$&$N$J$iM}2r$G$-$b$9$k$N$G$9$,!$e(B
rb_sym_interned_p e$B$O$9$G$KB8:_$9$k$b$N$K$D$$$F$Oe(B OK
e$B$H$$$&$3$H$Ge(B
e$BG{$j$rF~$l$F$$$k$o$1$G$9$N$G!$EPO?e(B symbol
e$BNL$OA}$($^$;$s$h$M!)e(B
e$B$=$l$K!$e(B

s = foo.taint; Thread.new{$SAFE=4; eval :#{s}}.value

e$B$H$+e(B

Thread.new{$SAFE=4; s = foo; eval :#{s} if s.tainted?}.value

e$B$H$+$OLdBj$J$/<B9T$G$-$F!$$"$C$5$j$He(B symbol
[email protected]@.$7$F$7$^$&$N$Ge(B
e$B;EMMJQ99$NM}M3$,$h$/J,$+$i$J$$$G$9!%e(B

e$B$=$l$H$b!$C1$K;d$,%;%-%e%j%F%#$NLdBj$rM}[email protected]$1$G!$e(B
e$B%;%-%e%j%F%#%[!<%k$K$J$j$&$k$h$&$JJL$N%1!<%9$,B8:_$9$k$N$G$7$g$&$+!)e(B

e$B$^$D$b$He(B e$B$f$-$R$m$G$9e(B

In message Re: [ruby-dev:34219] Ruby1.9 e$B$G$Ne(B $SAFE==4
e$B$G$NF0:n$N;EMMJQ99$K$D$$$Fe(B
on Wed, 2 Apr 2008 13:37:50 +0900, Hidetoshi NAGAI
[email protected] writes:

|e$B$H$j$"$($:8=>u$G!$e(Brb_str_intern e$B$N;EMMJQ99$Ge(B
|SecurityError e$B$r=P$9$h$&$K$J$C$F:$$C$F$^$9!%e(B
|e$BB>$K$b;EMMJQ99$,$"$k$J$i$=$l$K9g$o$;$?BP:v$,I,MW$K$J$j$=$&$G$9$N$G!$e(B
|e$B>pJse(B ([email protected]}[email protected]!W$H$$$&>pJs$r4^$`e(B) e$B$r8fB8CN$NJ}$,$"$j$^$7$?$ie(B
|e$B65$([email protected]$1$J$$$G$7$g$&$+!%e(B

e$B%a!<%[email protected]$$$?8e$$$m$$$m9M$($?$N$G$9$,!"e(BString#interne$B$Ke(B
e$B$Oe(Btaintede$B%A%%C%/$OITMW$H$$$&[email protected]$K$J$j$^$7$?!#e(B1.9e$B$G$O<h$j=|e(B
e$B$-$^$9!#e(B1.8e$B$G$be(Brb_sym_interned_p(str)e$B$H$b$I$b:o=|$7$F$b$+$^e(B
e$B$o$J$$$H;W$$$^$9!#e(B

e$B1J0f!wCNG=!%6e9)Bg$G$9!%e(B

From: Yukihiro M. [email protected]
Subject: [ruby-dev:34264] Re: Ruby1.9 e$B$G$Ne(B $SAFE==4
e$B$G$NF0:n$N;EMMJQ99$K$D$$$Fe(B
Date: Mon, 7 Apr 2008 02:16:38 +0900
Message-ID: [email protected]

e$B%a!<%[email protected]$$$?8e$$$m$$$m9M$($?$N$G$9$,!"e(BString#interne$B$Ke(B
e$B$Oe(Btaintede$B%A%%C%/$OITMW$H$$$&[email protected]$K$J$j$^$7$?!#e(B1.9e$B$G$O<h$j=|e(B
e$B$-$^$9!#e(B1.8e$B$G$be(Brb_sym_interned_p(str)e$B$H$b$I$b:o=|$7$F$b$+$^e(B
e$B$o$J$$$H;W$$$^$9!#e(B

e$B$"$j$,$H$&$4$6$$$^$9!%e(B
e$B<j85$GBP:v$r$"$l$3$l;n$7$F$$$?$s$G$9$,!$$9$Y$F85$KLa$7$^$7$?!%e(B(^_^)

e$B$3$l$G<!$N2]Bj$K?J$a$^$9!%e(B(^_^;

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs