Rune Hammersland
11/1/2006 12:11:00 PM
Robert Dober wrote:
> On 10/31/06, ara.t.howard@noaa.gov <ara.t.howard@noaa.gov> wrote:
> <Ara's version of code snipped>
>> harp:~ > ruby a.rb
>> LOL: superclass method `lol' disabled
>
>
> It does the same as OP's code, I really feel this is strange.
> Rune, on philiosophical grounds, I prefer the second behavior the
> super
> method being available again, can you elaborate on why you prefer the
> first?
I don't necessarily prefer the first, I prefer them to behave the
same way.
Actually having the super method available makes more sense.
The reason I stumbled upon this is because I'm writing about
sandboxing and
would like to explain how you can supply "safe" versions of classes
in the
sandbox by "disabling" unsafe methods (of course it doesn't help if
you can
simply redefine the method yourself, but it's a first step). When
playing
around with undef_method and remove_method I found that remove_method
only
removes method defined in the class it self (and not derived
methods), while
undef_method prevents objects of the class from responding to the
method (as
is explained in `ri Module.undef_method`). And then I found this
inconsistency
in behavior.
While we're on it: any good suggestions for how to supply "safe"
versions of
classes to the sandbox? Something like how Python's Bastion module is/
was
supposed to work (it's now deprecated, together with the RExec
module). I
guess the best would be to call remove_method on the unsafe methods
in the
classes they are defined, and hope that an attacker don't redefine
the method
himself (which is hard to prevent).
--
Vennlig Hilsen / Regards
Rune Hammersland