| author | shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-06-14 00:53:37 +0000 |
|---|---|---|
| committer | shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-06-14 00:53:37 +0000 |
| commit | 73a229c3a5032d50f21de698869cf2117084d12f (patch) | |
| tree | 16a52d44a07cdaa383cbda494eadacdadcaf83e9 | |
| parent | 34f25ffaf4b3e45f3bc529062a4506e8e163c87c (diff) | |
* NEWS: add notes for $SAFE.
* doc/security.rd: remove the description of $SAFE=4.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41290 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | ChangeLog | 6 |
|---|---|---|
| -rw-r--r-- | NEWS | 10 |
| -rw-r--r-- | doc/security.rdoc | 7 |

3 files changed, 17 insertions, 6 deletions
@@ -1,3 +1,9 @@ +Fri Jun 14 09:48:48 2013 Shugo Maeda <[email protected]> + + * NEWS: add notes for $SAFE. + + * doc/security.rd: remove the description of $SAFE=4. + Fri Jun 14 00:14:29 2013 Tanaka Akira <[email protected]> * bignum.c (bigdivrem): Zero test condition simplified. @@ -43,6 +43,10 @@ with all sufficient information, see the ChangeLog file. === Core classes compatibility issues (excluding feature bug fixes) +* Kernel#untrusted?, untrust, and trust + * These methods are deprecated and their behavior is same as tainted?, + taint, and untaint, respectively. If $VERBOSE is true, they show warnings. + * IO * incompatible changes: * open ignore internal encoding if external encoding is ASCII-8BIT. @@ -120,4 +124,10 @@ with all sufficient information, see the ChangeLog file. It gets encoding argument to convert before percent encode. UTF-16 strings aren't converted to UTF-8 before percent encode by default. +=== Built-in global variables compatibility issues + +* $SAFE + * $SAFE=4 is obsolete. If $SAFE is set to 4 or larger, an ArgumentError + is raised. + === C API updates diff --git a/doc/security.rdoc b/doc/security.rdoc index 2cf6531785..d552f9876c 100644 --- a/doc/security.rdoc +++ b/doc/security.rdoc 
@@ -21,12 +21,7 @@ Ruby provides a mechanism to restrict what operations can be performed by Ruby code in the form of the <code>$SAFE</code> variable. However, <code>$SAFE</code> does not provide a secure environment for executing -untrusted code even at its maximum level of +4+. <code>$SAFE</code> is -inherently flawed as a security mechanism, as it relies on every unsafe -operation performed by any C method to be guarded by a <code>$SAFE</code> -check. If this check is ever missed, the entire security of the system is -compromised. <code>$SAFE</code> also does not offer any protection against -denial of service attacks. +untrusted code. If you need to execute untrusted code, you should use an operating system level sandboxing mechanism. On Linux, ptrace or LXC can be used to sandbox |
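Review bot: the new ChangeLog entry names `doc/security.rd`, but the file this commit edits is `doc/security.rdoc` (see the diffstat and the `diff --git a/doc/security.rdoc b/doc/security.rdoc` header); correct the path in the entry so it matches the file actually changed. The same wrong path appears in the commit message.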
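Review bot: grammar in the `Kernel#untrusted?, untrust, and trust` NEWS entry: "their behavior is same as tainted?" should read "their behavior is the same as tainted?". Since the entry relies on "respectively" to pair three deprecated methods with three replacements, listing each pair on its own line (untrusted? / tainted?, untrust / taint, trust / untaint) would make the mapping harder to misread.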
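Review bot: the new `$SAFE` entry under "Built-in global variables compatibility issues" says that setting $SAFE to 4 or larger raises ArgumentError, but it never states the highest level that is still accepted; since every value of 4 or above now raises, say outright that 3 is the maximum so readers do not have to infer it. A pointer from this entry to doc/security.rdoc would also help, as that file is revised in the same commit.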
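Review bot: the doc/security.rdoc hunk removes the rationale along with the reference to level +4+. The removed points, that every unsafe operation performed by any C method must be guarded by a `$SAFE` check, that one missed check compromises the whole system, and that `$SAFE` offers no protection against denial of service, apply to the remaining levels just as much, and they are what justifies the sentence that survives ("does not provide a secure environment for executing untrusted code"). Suggest keeping those sentences and deleting only the "even at its maximum level of +4+" clause, e.g.:
"<code>$SAFE</code> does not provide a secure environment for executing untrusted code. <code>$SAFE</code> is inherently flawed as a security mechanism, as it relies on every unsafe operation performed by any C method to be guarded by a <code>$SAFE</code> check."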