David Vallner
2/20/2007 3:39:00 PM
On Tue, 20 Feb 2007 15:38:52 +0100, James Smith <jmdjmsmith@msn.com> wrote:
> Thanks for your comments..
>
> I'm trying:
>
> ruby -r userlib -T3 program.rb
>
> This doesn't seem to be working with the -r option (I also want to load
> in the file userlib.rb) - are the two options compatible together?
>
Quoth the Pickaxe, ed. 1: ">= 2 -- Ruby prohibits the loading of program
files from globally writable locations."
D:\UserPrfs\VALLNERD>type foo.rb
require "yaml"
y [1, 2, {:foo => 'bar'}]
Amusingly enough:
D:\UserPrfs\VALLNERD>attrib -R /s c:\ruby\lib\*
D:\UserPrfs\VALLNERD>ruby -T2 foo.rb
---
- 1
- 2
- :foo: bar
(So either that has been changed since the first edition, or the win32
port plain doesn't even try to do that check.)
D:\UserPrfs\VALLNERD>ruby -T2 -ryaml foo.rb
ruby: no -r allowed in tainted mode (SecurityError)
o 0 (WTF.) I have no idea what's going on there, besides the interpreter
obviously evaluating even arguments it's supposed to parse
order-dependently.
D:\UserPrfs\VALLNERD>ruby -ryaml -T2 foo.rb
---
- 1
- 2
- :foo: bar
While:
D:\UserPrfs\VALLNERD>attrib +R /s c:\ruby\lib\*
D:\UserPrfs\VALLNERD>ruby -ryaml -T3 foo.rb
ruby: Insecure operation: -r (SecurityError)
D:\UserPrfs\VALLNERD>ruby -T3 -ryaml foo.rb
ruby: no -r allowed in tainted mode (SecurityError)
D:\UserPrfs\VALLNERD>ruby -T3 foo.rb
foo.rb:1:in `require': Insecure operation - require (SecurityError)
from foo.rb:1
still breaks, even though Pickaxe ed. 1 doesn't mention further code
loading restrictions. (This doesn't mean much, while two major versions of
development do.) Alas, my Pickaxe 2 is on a non-working USB stick and
(hopefully) another computer, so some $SAFE-guru could clarify this.
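
Added example, not part of the original post and not Ruby's own implementation: a stand-alone audit for the condition the Pickaxe quote describes, load directories that are globally writable, that does not rely on -T or $SAFE. It assumes POSIX permission bits; the helper names and the sample directory tree are constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper (not Ruby's own $SAFE code): every directory from `dir`
# up to the filesystem root that other users could use to plant a file.
def world_writable_chain(dir)
  start = File.expand_path(dir)
  hits = []
  current = start
  loop do
    if File.directory?(current)
      st = File.stat(current)
      # The sticky bit only stops others renaming entries they do not own,
      # so it excuses an ancestor (e.g. /tmp) but not the directory itself.
      excused = st.sticky? && current != start
      hits << current if st.world_writable? && !excused
    end
    parent = File.dirname(current)
    break if parent == current
    current = parent
  end
  hits
end

# Constructed sample tree: a safe directory, a world-writable one, and one
# nested beneath the world-writable one. Returns name => flagged names.
def demo_report
  Dir.mktmpdir("loadpath-audit") do |root|
    safe   = File.join(root, "safe_lib")
    open_d = File.join(root, "open_lib")
    nested = File.join(open_d, "vendor")
    FileUtils.mkdir_p([safe, nested])
    [safe, nested].each { |d| File.chmod(0o755, d) }
    File.chmod(0o777, open_d)
    [safe, open_d, nested].to_h do |dir|
      inside = world_writable_chain(dir).select { |d| d.start_with?(root) }
      [File.basename(dir), inside.map { |d| File.basename(d) }]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  $LOAD_PATH.each do |dir|
    chain = world_writable_chain(dir)
    puts "#{dir}: writable by anyone via #{chain.join(', ')}" unless chain.empty?
  end
  p demo_report
end
```

A directory with safe permissions is still reported when one of its ancestors is world-writable, since anyone could then swap the whole directory out.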