authorJeremy Evans <code@jeremyevans.net>2019-09-20 19:06:22 -0700
committerJeremy Evans <code@jeremyevans.net>2019-11-18 01:00:25 +0200
commitc5c05460ac20abcbc0ed686eb4acf06da7a39a79 (patch)
tree991109a68f3b1cd2e256a936701d3b2badd3ddac /safe.c
parent7b6a8b5b54448235e17ed187d9d73f56893e1b6f (diff)
Warn on access/modify of $SAFE, and remove effects of modifying $SAFE
This removes the security features added by $SAFE = 1, and warns for access or modification of $SAFE from Ruby-level, as well as warning when calling all public C functions related to $SAFE. This modifies some internal functions that took a safe level argument to no longer take the argument. rb_require_safe now warns, rb_require_string has been added as a version that takes a VALUE and does not warn. One public C function that still takes a safe level argument and that this doesn't warn for is rb_eval_cmd. We may want to consider adding an alternative method that does not take a safe level argument, and warn for rb_eval_cmd.
Notes
Notes: Merged: https://github.com/ruby/ruby/pull/2476
Diffstat (limited to 'safe.c')
-rw-r--r--safe.c36
1 files changed, 31 insertions, 5 deletions
diff --git a/safe.c b/safe.c
index 9c668e3842..7f340ffae2 100644
--- a/safe.c
+++ b/safe.c
@@ -28,18 +28,21 @@
int
ruby_safe_level_2_warning(void)
{
+ rb_warn("rb_safe_level_2_warning will be removed in Ruby 3.0");
return 2;
}
int
rb_safe_level(void)
{
+ rb_warn("rb_safe_level will be removed in Ruby 3.0");
return GET_VM()->safe_level_;
}
void
rb_set_safe_level_force(int safe)
{
+ rb_warn("rb_set_safe_level_force will be removed in Ruby 3.0");
GET_VM()->safe_level_ = safe;
}
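Review bot: rb_set_safe_level_force still stores `safe` into `GET_VM()->safe_level_` with none of the range checks that rb_set_safe_level applies (the `level > SAFE_LEVEL_MAX` test is visible in the next hunk), and since rb_secure's comparison against `safe_level_` is kept by this commit, an out-of-range value stored here still decides whether SecurityError is raised. If the bypass is intentional, the contract should say so above the definition: `/* Stores `safe` unchecked, bypassing rb_set_safe_level()'s range validation; callers must pass 0 <= safe <= SAFE_LEVEL_MAX. */`. Otherwise the function should reuse the same validation as rb_set_safe_level.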
@@ -48,6 +51,7 @@ rb_set_safe_level(int level)
{
rb_vm_t *vm = GET_VM();
+ rb_warn("rb_set_safe_level will be removed in Ruby 3.0");
if (level > SAFE_LEVEL_MAX) {
rb_raise(rb_eArgError, "$SAFE=2 to 4 are obsolete");
}
@@ -68,28 +72,47 @@ rb_set_safe_level(int level)
static VALUE
safe_getter(ID _x, VALUE *_y)
{
- return INT2NUM(rb_safe_level());
+ rb_warn("$SAFE will become a normal global variable in Ruby 3.0");
+ return INT2NUM(GET_VM()->safe_level_);
}
static void
safe_setter(VALUE val, ID _x, VALUE *_y)
{
int level = NUM2INT(val);
- rb_set_safe_level(level);
+ rb_vm_t *vm = GET_VM();
+
+ rb_warn("$SAFE will become a normal global variable in Ruby 3.0");
+ if (level > SAFE_LEVEL_MAX) {
+ rb_raise(rb_eArgError, "$SAFE=2 to 4 are obsolete");
+ }
+ else if (level < 0) {
+ rb_raise(rb_eArgError, "$SAFE should be >= 0");
+ }
+ else {
+ int line;
+ const char *path = rb_source_location_cstr(&line);
+
+ if (0) fprintf(stderr, "%s:%d $SAFE %d -> %d\n",
+ path ? path : "-", line, vm->safe_level_, level);
+
+ vm->safe_level_ = level;
+ }
}
void
rb_secure(int level)
{
- if (level <= rb_safe_level()) {
+ rb_warn("rb_secure will be removed in Ruby 3.0");
+ if (level <= GET_VM()->safe_level_) {
ID caller_name = rb_frame_callee();
if (caller_name) {
rb_raise(rb_eSecurityError, "Insecure operation `%"PRIsVALUE"' at level %d",
- rb_id2str(caller_name), rb_safe_level());
+ rb_id2str(caller_name), GET_VM()->safe_level_);
}
else {
rb_raise(rb_eSecurityError, "Insecure operation at level %d",
- rb_safe_level());
+ GET_VM()->safe_level_);
}
}
}
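Review bot: The new safe_setter body duplicates rb_set_safe_level's validation (`level > SAFE_LEVEL_MAX`, the `"$SAFE=2 to 4 are obsolete"` message, and presumably the `level < 0` branch, though rb_set_safe_level's remaining body lies outside these hunks), and also copies the dead `if (0) fprintf(stderr, ...)` debugging statement, so the two copies of the $SAFE range check can now drift apart. A static helper that validates and stores the level, called from both rb_set_safe_level and safe_setter, keeps a single copy of the check and drops the dead code; NUM2INT stays before the warning so a non-numeric argument fails the same way as before. Whether rb_set_safe_level can be switched to the helper depends on the rest of its body, which is not in this hunk.
```c
/* Validate and store a new $SAFE level; shared by rb_set_safe_level() and safe_setter(). */
static void
vm_set_safe_level(rb_vm_t *vm, int level)
{
    if (level > SAFE_LEVEL_MAX) {
        rb_raise(rb_eArgError, "$SAFE=2 to 4 are obsolete");
    }
    else if (level < 0) {
        rb_raise(rb_eArgError, "$SAFE should be >= 0");
    }
    vm->safe_level_ = level;
}

static void
safe_setter(VALUE val, ID _x, VALUE *_y)
{
    int level = NUM2INT(val);

    rb_warn("$SAFE will become a normal global variable in Ruby 3.0");
    vm_set_safe_level(GET_VM(), level);
}
/* … unchanged: safe_getter, rb_secure … */
```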
@@ -97,11 +120,13 @@ rb_secure(int level)
void
rb_secure_update(VALUE obj)
{
+ rb_warn("rb_secure_update will be removed in Ruby 3.0");
}
void
rb_insecure_operation(void)
{
+ rb_warn("rb_insecure_operation will be removed in Ruby 3.0");
ID caller_name = rb_frame_callee();
if (caller_name) {
rb_raise(rb_eSecurityError, "Insecure operation - %"PRIsVALUE,
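Review bot: In rb_insecure_operation the new `rb_warn(...)` call is placed before the declaration `ID caller_name = rb_frame_callee();`, which mixes a statement and a declaration in the same block; if this file is still expected to build as C90 that is an error, and even under C99 it differs from the other functions in this commit, which put the warning after the declarations (see rb_set_safe_level, where `rb_vm_t *vm = GET_VM();` precedes the warning). Swapping the two lines, `ID caller_name = rb_frame_callee();` followed by `rb_warn("rb_insecure_operation will be removed in Ruby 3.0");`, keeps the same behaviour. rb_insecure_operation's body continues past the end of this hunk, and rb_secure_update's `obj` parameter is now entirely unused, which a `(void)obj;` line would make explicit.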
@@ -115,6 +140,7 @@ rb_insecure_operation(void)
void
rb_check_safe_obj(VALUE x)
{
+ rb_warn("rb_check_safe_obj will be removed in Ruby 3.0");
if (rb_safe_level() > 0 && OBJ_TAINTED(x)) {
rb_insecure_operation();
}
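Review bot: rb_check_safe_obj still calls `rb_safe_level()` in its condition, and that function now emits its own "rb_safe_level will be removed in Ruby 3.0" warning, so a single call to rb_check_safe_obj produces two deprecation warnings (three if rb_insecure_operation is reached, since it warns as well). Elsewhere in this commit the same internal use was replaced by a direct read, as in rb_secure, so the condition should read `if (GET_VM()->safe_level_ > 0 && OBJ_TAINTED(x)) {` to keep the warning to one per public entry point.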