Forum: Ruby Re: Strange safe level change

Gennady Bystritsky (Guest)
on 2007-01-10 00:33
(Received via mailing list)
Eric Hodel wrote:
>>>> security level...
>> 1.8.4
>      if (OBJ_TAINTED(method)) {
>          safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED;
>      }

Yes, I got the idea for the example from looking at this particular spot
;-). Interesting that, if your current $SAFE level is 1, such a method
invocation switches it to 5.

> $SAFE is only changed for the method invocation, it does not leak
> into the surrounding process.  puts $SAFE afterward shows the
> original safe level.

You are absolutely right. However, what if a method invoked in such a
way is a starting point for your entire subsystem? ;-)

I wonder, what is the reason for such a behavior? I am sure there's a
very good one.
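
The arithmetic behind the jump from 1 to 5 discussed in this post, as an added example that is not part of the original thread or of Ruby's source. The macro definitions are assumptions modelled on Ruby 1.8's eval.c (they are not shown on the page), and `call_with_flags` and `method_call` are hypothetical stand-ins for the interpreter's call path; the point is that 4 is OR-ed into the packed level rather than assigned.

```c
#include <stdio.h>

/* Assumed definitions, modelled on Ruby 1.8's eval.c; not shown on the page. */
#define NOEX_TAINTED 8
#define NOEX_SAFE(n) ((n) >> 4)            /* safe level is stored above bit 3 */
#define NOEX_WITH(n, v) ((n) | (v) << 4)   /* OR a level into the packed flags */

static int ruby_safe_level = 0;            /* stand-in for $SAFE */
static int level_seen_in_body = -1;        /* level the called method observes */

/* Hypothetical model of the call: raise the level for the body, then restore. */
static void call_with_flags(int flags)
{
    int saved = ruby_safe_level;
    if (NOEX_SAFE(flags) > ruby_safe_level)
        ruby_safe_level = NOEX_SAFE(flags);
    level_seen_in_body = ruby_safe_level;  /* the method body would run here */
    ruby_safe_level = saved;               /* nothing leaks back to the caller */
}

/* Hypothetical model of Method#call; the Method captured $SAFE when created. */
static int method_call(int level_at_creation, int method_is_tainted)
{
    int data_safe_level = NOEX_WITH(0, level_at_creation);
    int safe;
    if (method_is_tainted) {
        safe = NOEX_WITH(data_safe_level, 4) | NOEX_TAINTED;  /* the quoted line */
    } else {
        safe = data_safe_level;
    }
    call_with_flags(safe);
    return level_seen_in_body;
}

int main(void)
{
    for (int level = 0; level <= 4; level++) {
        ruby_safe_level = level;
        int inside = method_call(level, 1);
        printf("$SAFE=%d -> inside tainted call: %d, afterwards: %d\n",
               level, inside, ruby_safe_level);
    }
    return 0;
}
```

Under these assumptions a starting level of 1 gives 1|4 = 5 inside the call, while 0 and 4 both give 4, and the caller's level is unchanged afterwards.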
