[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Re: Strange safe level change

Gennady Bystritsky

1/9/2007 6:40:00 PM

Eric Hodel wrote:
> On Jan 8, 2007, at 22:29, Tom wrote:
>
>> Well I'm mailing about a problem I'm having while using the rails
>> framework, since it does seem to be a ruby problem I thought I might
>> as well post here
>>
>> I have a security level problem, for unknown reasons it switches
>> from level 0 to level 4 and then provoke some error related to the
>> security level...
>
> $SAFE is switched when you assign to it, never at any other time.

Is it so? Consider the following code:

puts RUBY_VERSION, RUBY_PLATFORM

class Test
def show_safe
puts $SAFE
end
end

Test.new.show_safe
Test.new.method(:show_safe).taint.call

It produces:

:!ruby safe.rb
1.8.4
i686-linux
0
safe.rb:5:in `write': Insecure operation `write' at level 4
(SecurityError)
from safe.rb:5:in `show_safe'
from safe.rb:12


>
>> I have a plugin we developed I that uses a lot of method.call and
>> apparently according to a post at technoweeny rails forum, this
>> could be the problem ( http://www.railsweenie.com/forums...
>> 659 ) ...
>>
>> Is there any way to resolve this problem without having to stop
>> using method.call (we don't really want a major rewrite) ? What
>> exactly is the problem and why does it happen?
>
> You have code like $SAFE = 4 in your program somwhere. Use grep to
> find it.

Not necessarily. See above.

>
> Typically $SAFE = 4 is only set in a spawned thread since its so
> strict its rarely useful outside of sandboxing dangerous code.

Gennady.
1 Answer

Eric Hodel

1/9/2007 8:41:00 PM

0

On Jan 9, 2007, at 10:40, Gennady Bystritsky wrote:
> Eric Hodel wrote:
>> On Jan 8, 2007, at 22:29, Tom wrote:
>>
>>> Well I'm mailing about a problem I'm having while using the rails
>>> framework, since it does seem to be a ruby problem I thought I might
>>> as well post here
>>>
>>> I have a security level problem, for unknown reasons it switches
>>> from level 0 to level 4 and then provoke some error related to the
>>> security level...
>>
>> $SAFE is switched when you assign to it, never at any other time.
>
> Is it so? Consider the following code:
>
> Test.new.method(:show_safe).taint.call
>
> It produces:
>
> :!ruby safe.rb
> 1.8.4
> i686-linux
> 0
> safe.rb:5:in `write': Insecure operation `write' at level 4
> (SecurityError)
> from safe.rb:5:in `show_safe'
> from safe.rb:12

Interesting.

You are right. From method_call:

if (OBJ_TAINTED(method)) {
safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED;
}

$SAFE is only changed for the method invocation, it does not leak
into the surrounding process. puts $SAFE afterward shows the
original safe level.

--
Eric Hodel - drbrain@segment7.net - http://blog.se...

I LIT YOUR GEM ON FIRE!