Hello,
I was wondering if someone knew the syntax for setting the safe level
using the -T command line option. Here is my code:
IO.popen(“ruby -r userlib program.rb”, “r+”)
I need to set the safe level of the ‘program.rb’ file
Any ideas?
Hello,
I was wondering if someone knew the syntax for setting the safe level
using the -T command line option. Here is my code:
IO.popen(“ruby -r userlib program.rb”, “r+”)
I need to set the safe level of the ‘program.rb’ file
Any ideas?
On Tue, 20 Feb 2007 12:42:07 +0100, James S. [email protected]
wrote:
Hello,
I was wondering if someone knew the syntax for setting the safe level
using the -T command line option. Here is my code:
C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>echo puts $SAFE > foo.rb
C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>ruby foo.rb
0
C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>ruby -T foo.rb
1
C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>ruby -T2 foo.rb
2
C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>ruby -T3 foo.rb
3
C:\CCM_WA\ccm_wa\vpn\mqo_client_impl,vallnerd>ruby -T4 foo.rb
foo.rb:1:in write': Insecure operation
write’ at level 4
(SecurityError)
from foo.rb:1:in `puts’
from foo.rb:1
Thanks for your comments…
I’m trying:
ruby -r userlib -T3 program.rb
This doesn’t seem to be working with the -r option (i also want to load
in the file userlib.rb) - are the two options compatible together?
On Tue, 20 Feb 2007 15:38:52 +0100, James S. [email protected]
wrote:
Thanks for your comments…
I’m trying:
ruby -r userlib -T3 program.rb
This doesn’t seem to be working with the -r option (i also want to load
in the file userlib.rb) - are the two options compatible together?
Quoth the Pickaxe, ed. 1: “>= 2 – Ruby prohibits the loading of program
files from globally writable locations.”
D:\UserPrfs\VALLNERD>type foo.rb
require “yaml”
y [1, 2, {:foo => ‘bar’}]
Amusingly enough:
D:\UserPrfs\VALLNERD>attrib -R /s c:\ruby\lib*
(So either that has been changed since the first edition, or the win32
port plain doesn’t even try to do that check.)
D:\UserPrfs\VALLNERD>ruby -T2 -ryaml foo.rb
ruby: no -r allowed in tainted mode (SecurityError)
. o 0 (WTF.) I have no idea what’s going on there, besides the
interpreter
obviously evaluating even arguments it’s supposed to parse
order-dependently.
While:
D:\UserPrfs\VALLNERD>attrib +R /s c:\ruby\lib*
D:\UserPrfs\VALLNERD>ruby -ryaml -T3 foo.rb
ruby: Insecure operation: -r (SecurityError)
D:\UserPrfs\VALLNERD>ruby -T3 -ryaml foo.rb
ruby: no -r allowed in tainted mode (SecurityError)
D:\UserPrfs\VALLNERD>ruby -T3 foo.rb
foo.rb:1:in `require’: Insecure operation - require (SecurityError)
from foo.rb:1
still breaks, even though Pickaxe ed. 1 doesn’t mention further code
loading restrictions. (This doesn’t mean much, while two major versions
of
development do.) Alas, my Pickaxe 2 is on a non-working USB stick and
(hopefully) another computer, so some $SAFE-guru could clarify this.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs