Forum: Ruby-core [ruby-trunk - Feature #7839][Open] Symbol.freeze_symbols

Be30361bb0b0c495e3077db43ad84b56?d=identicon&s=25 tenderlovemaking (Aaron Patterson) (Guest)
on 2013-02-12 22:38
(Received via mailing list)
Issue #7839 has been reported by tenderlovemaking (Aaron Patterson).

----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
2abdb50caf0dc5b510330f68b02db8e4?d=identicon&s=25 rosenfeld (Rodrigo Rosenfeld Rosas) (Guest)
on 2013-02-13 01:03
(Received via mailing list)
Issue #7839 has been updated by rosenfeld (Rodrigo Rosenfeld Rosas).


I really believe that letting the symbols to be garbage collected
(#7791) is the way to go here.

You have mentioned that changing YAML#load to be safe by default would
break existing apps and now you suggest that it would be safe to freeze
symbols at some point as if it wouldn't break existing apps relying on
marshalling behavior of Ruby libraries. Could you please explain better
why do you think it is ok to freeze symbols in Rails and break existing
apps but it is not ok to make YAML#load safe (preferring a new safe_load
method instead)?
----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36184

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
3df767279ce7d81db0a5bb30f5136863?d=identicon&s=25 Matthew Kerwin (mattyk)
on 2013-02-13 01:40
(Received via mailing list)
Issue #7839 has been updated by phluid61 (Matthew Kerwin).


rosenfeld (Rodrigo Rosenfeld Rosas) wrote:
> Could you please explain better why do you think it is ok to freeze symbols in
Rails and break existing apps but it is not ok to make YAML#load safe 
(preferring
a new safe_load method instead)?

Users can choose whether or not to call Symbol.freeze_symbols , and 100%
of current apps do not call it, so those apps will continue to function
exactly as they always have until they are updated.  Similary, they can
choose to update their apps to use YAML#safe_load instead of #load.

Changing the behaviour of YAML#load would change the behaviour of
existing apps without any opt-in from their maintainers.
----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36185

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
2abdb50caf0dc5b510330f68b02db8e4?d=identicon&s=25 rosenfeld (Rodrigo Rosenfeld Rosas) (Guest)
on 2013-02-13 01:56
(Received via mailing list)
Issue #7839 has been updated by rosenfeld (Rodrigo Rosenfeld Rosas).


yeah, but if Rails calls Symbol.freeze_symbols it could break all Rails
applications relying on YAML#load as an unmarshall method. Are you
suggesting that Rails shouldn't care about breaking existing Rails apps
but that Ruby should care about breaking existing Ruby apps?
----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36187

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
18813f71506ebad74179bf8c5a136696?d=identicon&s=25 Eric Wong (Guest)
on 2013-02-13 02:10
(Received via mailing list)
"tenderlovemaking (Aaron Patterson)" <aaron@tenderlovemaking.com> wrote:
> I'd like to be able to call a method like `Symbol.freeze_symbols`
> which would essentially freeze the symbol hash, such that if any new
> symbols are created, an exception would be thrown.

How about the option to do a soft freeze which issues a warning instead
of exception? (but support both).  Start using soft freeze, and move to
a real freeze later when apps/gems are fixed.
3df767279ce7d81db0a5bb30f5136863?d=identicon&s=25 Matthew Kerwin (mattyk)
on 2013-02-13 02:26
(Received via mailing list)
Issue #7839 has been updated by phluid61 (Matthew Kerwin).


rosenfeld (Rodrigo Rosenfeld Rosas) wrote:
> yeah, but if Rails calls Symbol.freeze_symbols it could break all Rails
applications relying on YAML#load as an unmarshall method. Are you suggesting 
that
Rails shouldn't care about breaking existing Rails apps but that Ruby should 
care
about breaking existing Ruby apps?

Nobody said rails would call it.  How would rails know when your
particular app's symbols have stabilised?  The biggest automation I'd
have expected would be that they provide a trigger hook, so you can
instruct rails/ruby to freeze the table when some condition is met.  If
they were going to add an automagic trigger at, for example, "all
classes loaded" (whatever that means), surely it would be an opt-in
configuration-driven behaviour.
----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36189

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
3df767279ce7d81db0a5bb30f5136863?d=identicon&s=25 Matthew Kerwin (mattyk)
on 2013-02-13 02:47
(Received via mailing list)
Issue #7839 has been updated by phluid61 (Matthew Kerwin).


normalperson (Eric Wong) wrote:
> "tenderlovemaking (Aaron Patterson)" <aaron@tenderlovemaking.com> wrote:
>  > I'd like to be able to call a method like `Symbol.freeze_symbols`
>  > which would essentially freeze the symbol hash, such that if any new
>  > symbols are created, an exception would be thrown.
>
>  How about the option to do a soft freeze which issues a warning instead
>  of exception? (but support both).  Start using soft freeze, and move to
>  a real freeze later when apps/gems are fixed.

Also, would you expect to be able to thaw it out again?  It might be
enough in the short term to, e.g.
    begin
      Symbol.freeze_symbols
      YAML.load(...)
    ensure
      Symbol.thaw_symbols
    end

----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36191

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
C4e88907313843cf07f6d85ba8162120?d=identicon&s=25 shugo (Shugo Maeda) (Guest)
on 2013-02-13 03:17
(Received via mailing list)
Issue #7839 has been updated by shugo (Shugo Maeda).


phluid61 (Matthew Kerwin) wrote:
> Also, would you expect to be able to thaw it out again?  It might be enough in
the short term to, e.g.
>     begin
>       Symbol.freeze_symbols
>       YAML.load(...)
>     ensure
>       Symbol.thaw_symbols
>     end

If this is a main use case of Symbol.freeze_symbols, it might be better
to have String#intern's option to control whether a symbol creation is
allowed and to make YAML.safe_load to use it.

   :foo
   "foo".intern #=> :foo
   "bar".intern #=> :bar
   "foo".intern(allow_new: false) #=> :foo
   "bar".intern(allow_new: false) #=> error

I guess it can be implemented easily compared to Symbol GC.

----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36192

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
38b74ccb8896076ccd0adbab2eba0809?d=identicon&s=25 Aaron Patterson (tenderlove)
on 2013-02-13 04:02
(Received via mailing list)
On Wed, Feb 13, 2013 at 11:16:31AM +0900, shugo (Shugo Maeda) wrote:
> >       Symbol.thaw_symbols
> >     end

I think having a freeze and thaw would be fine.

> If this is a main use case of Symbol.freeze_symbols, it might be better to have
String#intern's option to control whether a symbol creation is allowed and to 
make
YAML.safe_load to use it.
>
>    :foo
>    "foo".intern #=> :foo
>    "bar".intern #=> :bar
>    "foo".intern(allow_new: false) #=> :foo
>    "bar".intern(allow_new: false) #=> error

The problem with this is we can be calling foreign code.  We have to
force all library authors to use it.  Library authors may not expect
that calls to ".intern" will be fed user input.

Most security issues we have to deal with (even the YAML example) are
cases where we do not expect to process foreign input.

> I guess it can be implemented easily compared to Symbol GC.

Even freezing and thawing would definitely be easier than Symbol GC.
C4e88907313843cf07f6d85ba8162120?d=identicon&s=25 shugo (Shugo Maeda) (Guest)
on 2013-02-13 05:10
(Received via mailing list)
Issue #7839 has been updated by shugo (Shugo Maeda).


>  > If this is a main use case of Symbol.freeze_symbols, it might be better to
have String#intern's option to control whether a symbol creation is allowed and 
to
make YAML.safe_load to use it.
(snip)
>  The problem with this is we can be calling foreign code.  We have to
>  force all library authors to use it.  Library authors may not expect
>  that calls to ".intern" will be fed user input.
>
>  Most security issues we have to deal with (even the YAML example) are
>  cases where we do not expect to process foreign input.

Hmm.... I'm worried that the following code is not thread safe.

 > >     begin
 > >       Symbol.freeze_symbols
 > >       YAML.load(...)
 > >     ensure
 > >       Symbol.thaw_symbols
 > >     end

>  > I guess it can be implemented easily compared to Symbol GC.
>
>  Even freezing and thawing would definitely be easier than Symbol GC.

Sasada-san might implement Symbol GC for MRI.
# So I'm worried that he might get less popular with women.

If it can be implemented in other implementations, it would be the best
solution.

----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36194

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
Accaf690f3d97aab6e6e02adac8150be?d=identicon&s=25 Student Jr (student)
on 2013-02-13 06:16
(Received via mailing list)
Issue #7839 has been updated by Student (Nathan Zook).


Creating global state has global implications.  Yes, there are threading
implications.  Yes, there are issues with called libraries.  But what
really annoys me is yet again some software providers (again from the
Rails team) that thinks he understands everything that users of his
software might do.

I'm NOT just talking about poorly designed code.  Honestly, I think that
normal Rails behaviour is not expected to match this.  I know that
dynamic finders are supposed to be passe', but if Rails continues to
implement ANY dynamic method generation that happens at runtime, then
there is no way to know when the particular piece of code that does the
generation gets called.  In fact, this entire conversation got started
because the Rails framework intentionally generated symbols during
runtime.  That's not to mention (Rails) application code doing so for
perfectly reasonable conditions.

I very much favour making the symbol table queriable. (#7795)  Let
YAML.safe_load check it.  Let to_json(:safe => true) check it.  But
don't break existing code simply because you think your global solution
is going to make life good for everyone.



----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36195

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
C4e88907313843cf07f6d85ba8162120?d=identicon&s=25 alexeymuranov (Alexey Muranov) (Guest)
on 2013-02-13 09:16
(Received via mailing list)
Issue #7839 has been updated by alexeymuranov (Alexey Muranov).


Sorry about a naïve idea, but what would you say about prohibiting
interning tainted strings instead?
----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36207

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
C4e88907313843cf07f6d85ba8162120?d=identicon&s=25 yhara (Yutaka HARA) (Guest)
on 2013-02-13 10:31
(Received via mailing list)
Issue #7839 has been updated by yhara (Yutaka HARA).

Category set to core
Target version set to next minor


----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36218

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category: core
Target version: next minor


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
Accaf690f3d97aab6e6e02adac8150be?d=identicon&s=25 Student Jr (student)
on 2013-02-14 01:02
(Received via mailing list)
Issue #7839 has been updated by Student (Nathan Zook).


+1 to prohibiting interning of tainted strings.  Probably $SAFE >= 1,
though.  Currently, this is a problem for $SAFE <= 2.

----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36256

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category: core
Target version: next minor


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
38b74ccb8896076ccd0adbab2eba0809?d=identicon&s=25 Aaron Patterson (tenderlove)
on 2013-02-14 01:31
(Received via mailing list)
On Wed, Feb 13, 2013 at 05:15:25PM +0900, alexeymuranov (Alexey Muranov)
wrote:
38b74ccb8896076ccd0adbab2eba0809?d=identicon&s=25 Aaron Patterson (tenderlove)
on 2013-02-14 01:32
(Received via mailing list)
On Wed, Feb 13, 2013 at 01:10:24PM +0900, shugo (Shugo Maeda) wrote:
> >  Most security issues we have to deal with (even the YAML example) are
> >  cases where we do not expect to process foreign input.
>
> Hmm.... I'm worried that the following code is not thread safe.
>
>  > >     begin
>  > >       Symbol.freeze_symbols
>  > >       YAML.load(...)
>  > >     ensure
>  > >       Symbol.thaw_symbols
>  > >     end

Yes, this is probably not thread safe, but if people *know* it's not
thread safe, then they can lock:

    begin
      Symbol.lock
      Symbol.freeze_symbols
      YAML.load(...)
    ensure
      Symbol.thaw_symbols
      Symbol.unlock
    end

> >  > I guess it can be implemented easily compared to Symbol GC.
> >
> >  Even freezing and thawing would definitely be easier than Symbol GC.
>
> Sasada-san might implement Symbol GC for MRI.
> # So I'm worried that he might get less popular with women.
>
> If it can be implemented in other implementations, it would be the best
solution.

I think so too.  If Symbol GC turns out to be too hard though, I'd like
to explore this option! :-)
38b74ccb8896076ccd0adbab2eba0809?d=identicon&s=25 Aaron Patterson (tenderlove)
on 2013-02-14 01:33
(Received via mailing list)
On Wed, Feb 13, 2013 at 10:08:28AM +0900, Eric Wong wrote:
> "tenderlovemaking (Aaron Patterson)" <aaron@tenderlovemaking.com> wrote:
> > I'd like to be able to call a method like `Symbol.freeze_symbols`
> > which would essentially freeze the symbol hash, such that if any new
> > symbols are created, an exception would be thrown.
>
> How about the option to do a soft freeze which issues a warning instead
> of exception? (but support both).  Start using soft freeze, and move to
> a real freeze later when apps/gems are fixed.

Even having a warning would be nice!
Bcb6acc9d0d9bef99e033b36c3d32ca9?d=identicon&s=25 Charlie Somerville (Guest)
on 2013-02-14 01:45
(Received via mailing list)
On Thursday, 14 February 2013 at 11:30 AM, Aaron Patterson wrote:
> end
I think this is a perfect contender for a block. There can be a global
'symbol_freeze_count' that is incremented when the block enters, and
decremented on the way out.

For example:

  Symbol.frozen do
    :foo # ok because this is symbol-ified by the parser beforehand
    eval ":foo" # exception
    "foo".to_sym # exception
  end

This is better because it is re-entrant, unlike a pair of 'freeze' and
'thaw' methods.
Accaf690f3d97aab6e6e02adac8150be?d=identicon&s=25 Student Jr (student)
on 2013-02-15 01:09
(Received via mailing list)
Issue #7839 has been updated by Student (Nathan Zook).


Would my proposal #7854 not allow an easy and clean solution to this
problem?

----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36299

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category: core
Target version: next minor


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
C4e88907313843cf07f6d85ba8162120?d=identicon&s=25 shugo (Shugo Maeda) (Guest)
on 2013-02-15 02:44
(Received via mailing list)
Issue #7839 has been updated by shugo (Shugo Maeda).


Student (Nathan Zook) wrote:
> +1 to prohibiting interning of tainted strings.  Probably $SAFE >= 1, though.
Currently, this is a problem for $SAFE <= 2.

$SAFE is not implemented in other implementations, so this issue should
be addressed without $SAFE.

----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36301

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category: core
Target version: next minor


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
C4e88907313843cf07f6d85ba8162120?d=identicon&s=25 ko1 (Koichi Sasada) (Guest)
on 2013-02-18 01:35
(Received via mailing list)
Issue #7839 has been updated by ko1 (Koichi Sasada).

Assignee set to matz (Yukihiro Matsumoto)


----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36477

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee: matz (Yukihiro Matsumoto)
Category: core
Target version: next minor


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
9361878d459f1709feec780518946ee5?d=identicon&s=25 unknown (Guest)
on 2014-02-25 16:03
(Received via mailing list)
Issue #7839 has been updated by Yui NARUSE.

Related to Feature #7854: New method Symbol[string] added

----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-45467

* Author: Aaron Patterson
* Status: Open
* Priority: Normal
* Assignee: Yukihiro Matsumoto
* Category: core
* Target version: next minor
----------------------------------------
Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
0ec4920185b657a03edf01fff96b4e9b?d=identicon&s=25 unknown (Guest)
on 2014-02-25 16:16
(Received via mailing list)
Issue #7839 has been updated by Yukihiro Matsumoto.

Status changed from Open to Rejected

Although I agree that we need something to prevent Symbol DoS attack,
#freeze_symbols has too destructive I think.
I think that something should be a variation of #intern that refuses
addition to the symbol table.

Matz.


----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-45468

* Author: Aaron Patterson
* Status: Rejected
* Priority: Normal
* Assignee: Yukihiro Matsumoto
* Category: core
* Target version: next minor
----------------------------------------
Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.
From our perspective, there should be a point in the application where
symbols should stabilize, meaning we don't expect the number of symbols
to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which
would essentially freeze the symbol hash, such that if any new symbols
are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out
there.
This topic is locked and can not be replied to.