SAFE and -T command line option

Hello,

I was wondering if someone knew the syntax for setting the safe level
using the -T command line option. Here is my code:

IO.popen("ruby -r userlib program.rb", "r+")

I need to set the safe level of the ‘program.rb’ file

Any ideas?

On Tue, 20 Feb 2007 12:42:07 +0100, James S. wrote:

> Hello,
>
> I was wondering if someone knew the syntax for setting the safe level
> using the -T command line option. Here is my code:

C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>echo puts $SAFE > foo.rb

C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>ruby foo.rb
0

C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>ruby -T foo.rb
1

C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>ruby -T2 foo.rb
2

C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>ruby -T3 foo.rb
3

C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>ruby -T4 foo.rb
foo.rb:1:in `write': Insecure operation `write' at level 4 (SecurityError)
        from foo.rb:1:in `puts'
        from foo.rb:1

Thanks for your comments…

I’m trying:

ruby -r userlib -T3 program.rb

This doesn’t seem to be working with the -r option (I also want to load
in the file userlib.rb) - are the two options compatible together?

On Tue, 20 Feb 2007 15:38:52 +0100, James S. wrote:

> Thanks for your comments…
>
> I’m trying:
>
> ruby -r userlib -T3 program.rb
>
> This doesn’t seem to be working with the -r option (I also want to load
> in the file userlib.rb) - are the two options compatible together?

Quoth the Pickaxe, ed. 1: “>= 2 – Ruby prohibits the loading of program
files from globally writable locations.”

D:\UserPrfs\VALLNERD>type foo.rb
require "yaml"
y [1, 2, {:foo => 'bar'}]

Amusingly enough:

D:\UserPrfs\VALLNERD>attrib -R /s c:\ruby\lib*

D:\UserPrfs\VALLNERD>ruby -T2 foo.rb

- 1
- 2
- :foo: bar

(So either that has been changed since the first edition, or the win32
port plain doesn’t even try to do that check.)

D:\UserPrfs\VALLNERD>ruby -T2 -ryaml foo.rb
ruby: no -r allowed in tainted mode (SecurityError)

. o 0 (WTF.) I have no idea what’s going on there, besides the
interpreter obviously evaluating even arguments it’s supposed to parse
order-dependently.

D:\UserPrfs\VALLNERD>ruby -ryaml -T2 foo.rb

- 1
- 2
- :foo: bar

While:

D:\UserPrfs\VALLNERD>attrib +R /s c:\ruby\lib*

D:\UserPrfs\VALLNERD>ruby -ryaml -T3 foo.rb
ruby: Insecure operation: -r (SecurityError)

D:\UserPrfs\VALLNERD>ruby -T3 -ryaml foo.rb
ruby: no -r allowed in tainted mode (SecurityError)

D:\UserPrfs\VALLNERD>ruby -T3 foo.rb
foo.rb:1:in `require': Insecure operation - require (SecurityError)
        from foo.rb:1

still breaks, even though Pickaxe ed. 1 doesn’t mention further code
loading restrictions. (This doesn’t mean much, while two major versions
of development do.) Alas, my Pickaxe 2 is on a non-working USB stick and
(hopefully) another computer, so some $SAFE-guru could clarify this.