Forum: Ruby $SAFE question

Kroeger, Simon (ext) (Guest)
on 2006-04-28 15:10
(Received via mailing list)
Hello all,

basically I just want to know if the code below is safe.
Assume 'dangerous.rb' is provided by someone you don't know
and is located in a world writeable directory.

The filename is as unsafe as the file itself.
------------------------------------------------------------------------
$SAFE = 1
filename = 'dangerous.rb'.taint # just uploaded from untrusted user

fname = String.new(filename.to_s)
classname = File.basename(fname, '.rb').capitalize
fname.untaint if File.expand_path(fname) =~ %r{^d:/simon/}i
code = IO.read(fname) # reading is safe hopefully

#create a new object from a class definition in dangerous.rb
unsafe_obj = Thread.new do
  $SAFE = 4
  begin
    mod = Module.new
    mod.module_eval(code)
    mod.const_get(classname).new
  rescue Exception => e
    Exception.new(e.to_s)
  end
end.value
raise unsafe_obj if Exception === unsafe_obj

# as long as we do not call methods on unsafe_obj we should be safe, right?

# call a method on the new object
value = Thread.new do
  $SAFE = 4
  begin
    String.new(unsafe_obj.meth.to_s)
  rescue Exception => e
    Exception.new(e.to_s)
  end
end.value
raise value if Exception === value

value.untaint # this should be safe now! (?)
p value
------------------------------------------------------------------------

cheers

Simon
Eric Hodel (Guest)
on 2006-05-03 18:56
(Received via mailing list)
On Apr 28, 2006, at 6:07 AM, Kroeger, Simon (ext) wrote:

> Hello all,
>
> basically I just want to know if the code below is safe.
> Assume 'dangerous.rb' is provided by someone you don't know
> and is located in a world writeable directory.

Yes and no.  While in C code Ruby's threads won't switch, so
malicious code can easily cause your ruby interpreter to become non-
responsive.

echo 'loop do 50000 ** 50000 end' | dangerous.rb

--
Eric Hodel - drbrain@segment7.net - http://blog.segment7.net
This implementation is HODEL-HASH-9600 compliant

http://trackmap.robotcoop.com
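
The reply above points out that `$SAFE = 4` inside a thread does not keep untrusted code from monopolising the interpreter. One mitigation, as an added example that is not part of the thread: run the code in a child process with a CPU rlimit and a wall-clock deadline, so the parent stays responsive. `run_untrusted` and `Result` are hypothetical names; the code assumes a POSIX system and limits only CPU time, wall-clock time and captured output, not file or network access.

```ruby
require 'rbconfig'

# Added example, not code from the thread. run_untrusted and Result are
# hypothetical names. POSIX only: relies on setrlimit and process groups.
Result = Struct.new(:status, :output)

def run_untrusted(source, cpu_seconds: 1, wall_seconds: 5, max_output: 65_536)
  rd, wr = IO.pipe
  pid = Process.spawn(
    RbConfig.ruby, '-e', source,
    in: File::NULL, out: wr, err: File::NULL,
    pgroup: true,                                # own group, so helpers die too
    rlimit_cpu: [cpu_seconds, cpu_seconds + 1]   # soft: SIGXCPU, hard: SIGKILL
  )
  wr.close
  reader = Thread.new { rd.read(max_output).to_s } # bounded capture of stdout

  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + wall_seconds
  timed_out = false
  status = nil
  loop do
    _, status = Process.wait2(pid, Process::WNOHANG)
    break if status
    if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline
      timed_out = true                           # sleeping or blocked child
      Process.kill(:KILL, -pid)                  # negative pid = whole group
      _, status = Process.wait2(pid)
      break
    end
    sleep 0.05
  end
  begin
    Process.kill(:KILL, -pid)                    # kill stragglers in the group
  rescue Errno::ESRCH, Errno::EPERM
    # group is already empty
  end

  output = reader.join(1) ? reader.value : ''
  reader.kill
  rd.close
  limit_signals = Signal.list.values_at('XCPU', 'KILL')
  kind = if timed_out then :timeout
         elsif status.signaled? && limit_signals.include?(status.termsig) then :cpu_limit
         elsif status.success? then :ok
         else :error
         end
  Result.new(kind, output)
end
```

The parent only polls and sleeps, so a CPU-bound child such as the `50000 ** 50000` loop ends with `:cpu_limit` while the calling interpreter keeps running.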