author shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-06-14 00:53:37 +0000
committer shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-06-14 00:53:37 +0000
commit 73a229c3a5032d50f21de698869cf2117084d12f
tree 16a52d44a07cdaa383cbda494eadacdadcaf83e9 /doc
parent 34f25ffaf4b3e45f3bc529062a4506e8e163c87c
* NEWS: add notes for $SAFE.
* doc/security.rd: remove the description of $SAFE=4.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41290 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'doc')
-rw-r--r-- doc/security.rdoc 7
1 files changed, 1 insertions, 6 deletions
diff --git a/doc/security.rdoc b/doc/security.rdoc
index 2cf6531..d552f98 100644
--- a/doc/security.rdoc
+++ b/doc/security.rdoc
@@ -21,12 +21,7 @@ Ruby provides a mechanism to restrict what operations can be performed by Ruby
code in the form of the <code>$SAFE</code> variable.
However, <code>$SAFE</code> does not provide a secure environment for executing
-untrusted code even at its maximum level of +4+. <code>$SAFE</code> is
-inherently flawed as a security mechanism, as it relies on every unsafe
-operation performed by any C method to be guarded by a <code>$SAFE</code>
-check. If this check is ever missed, the entire security of the system is
-compromised. <code>$SAFE</code> also does not offer any protection against
-denial of service attacks.
+untrusted code.
If you need to execute untrusted code, you should use an operating system level
sandboxing mechanism. On Linux, ptrace or LXC can be used to sandbox
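Review bot: The replacement line "+untrusted code." drops more than the $SAFE=4 wording that the commit message describes. The removed sentences explaining that $SAFE relies on every unsafe operation in any C method being guarded by a check, and that it offers no protection against denial of service attacks, do not depend on level 4. Suggest deleting only "even at its maximum level of +4+" and keeping that rationale, so the reader still sees why the next paragraph recommends operating system level sandboxing. The commit message also names doc/security.rd, while the file changed here is doc/security.rdoc.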