diff options
| -rw-r--r-- | ChangeLog | 12 | ||||
| -rw-r--r-- | bootstraptest/test_method.rb | 16 | ||||
| -rw-r--r-- | ext/socket/init.c | 2 | ||||
| -rw-r--r-- | ext/socket/socket.c | 4 | ||||
| -rw-r--r-- | ext/socket/tcpsocket.c | 1 | ||||
| -rw-r--r-- | ext/socket/udpsocket.c | 4 | ||||
| -rw-r--r-- | gc.c | 1 | ||||
| -rw-r--r-- | include/ruby/ruby.h | 12 | ||||
| -rw-r--r-- | object.c | 2 | ||||
| -rw-r--r-- | re.c | 3 | ||||
| -rw-r--r-- | safe.c | 6 | ||||
| -rw-r--r-- | test/erb/test_erb.rb | 7 | ||||
| -rw-r--r-- | test/ruby/test_dir.rb | 17 | ||||
| -rw-r--r-- | test/ruby/test_file.rb | 6 | ||||
| -rw-r--r-- | test/ruby/test_method.rb | 13 | ||||
| -rw-r--r-- | test/ruby/test_regexp.rb | 13 | ||||
| -rw-r--r-- | test/ruby/test_thread.rb | 4 |
17 files changed, 23 insertions, 100 deletions
@@ -1,3 +1,15 @@ +Wed Jun 17 14:29:43 2015 SHIBATA Hiroshi <[email protected]> + + * include/ruby/ruby.h: $SAFE=3 is now obsolete. + + * ext/socket/init.c, ext/socket/socket.c, ext/socket/tcpsocket.c + ext/socket/udpsocket.c, gc.c, object.c, re.c, safe.c: removed code + for $SAFE=3 + + * bootstraptest/test_method.rb, test/erb/test_erb.rb, test/ruby/test_dir.rb + test/ruby/test_file.rb, test/ruby/test_method.rb, test/ruby/test_regexp.rb + test/ruby/test_thread.rb: remove tests for $SAFE=3 + Wed Jun 17 12:13:33 2015 SHIBATA Hiroshi <[email protected]> * ChangeLog: added contibutor name. diff --git a/bootstraptest/test_method.rb b/bootstraptest/test_method.rb index 0a7cb0a577..749874cc5a 100644 --- a/bootstraptest/test_method.rb +++ b/bootstraptest/test_method.rb @@ -922,22 +922,6 @@ assert_equal 'ok', %q{ }, '[ruby-core:11998]' assert_equal 'ok', %q{ - proc{ - $SAFE = 3 - class C - def m - :ng - end - end - }.call - begin - C.new.m - rescue SecurityError - :ok - end -}, '[ruby-core:11998]' - -assert_equal 'ok', %q{ class B def m() :fail end end diff --git a/ext/socket/init.c b/ext/socket/init.c index ab6b52aab3..34f6a116f0 100644 --- a/ext/socket/init.c +++ b/ext/socket/init.c @@ -555,7 +555,6 @@ rsock_s_accept_nonblock(int argc, VALUE *argv, VALUE klass, rb_io_t *fptr, rb_scan_args(argc, argv, "0:", &opts); - rb_secure(3); rb_io_set_nonblock(fptr); fd2 = cloexec_accept(fptr->fd, (struct sockaddr*)sockaddr, len, 1); if (fd2 < 0) { @@ -598,7 +597,6 @@ rsock_s_accept(VALUE klass, int fd, struct sockaddr *sockaddr, socklen_t *len) int retry = 0; struct accept_arg arg; - rb_secure(3); arg.fd = fd; arg.sockaddr = sockaddr; arg.len = len; diff --git a/ext/socket/socket.c b/ext/socket/socket.c index f2d4323a89..2cda4cbaf5 100644 --- a/ext/socket/socket.c +++ b/ext/socket/socket.c @@ -140,7 +140,6 @@ sock_initialize(int argc, VALUE *argv, VALUE sock) if (NIL_P(protocol)) protocol = INT2FIX(0); - rb_secure(3); setup_domain_and_type(domain, &d, type, &t); fd = rsock_socket(d, t, NUM2INT(protocol)); if (fd < 0) rb_sys_fail("socket(2)"); @@ -1059,7 +1058,6 @@ sock_gethostname(VALUE obj) char buf[RUBY_MAX_HOST_NAME_LEN+1]; - rb_secure(3); if (gethostname(buf, (int)sizeof buf - 1) < 0) rb_sys_fail("gethostname(3)"); @@ -1076,7 +1074,6 @@ sock_gethostname(VALUE obj) { struct utsname un; - rb_secure(3); uname(&un); return rb_str_new2(un.nodename); } @@ -1143,7 +1140,6 @@ sock_sockaddr(struct sockaddr *addr, socklen_t len) static VALUE sock_s_gethostbyname(VALUE obj, VALUE host) { - rb_secure(3); return rsock_make_hostent(host, rsock_addrinfo(host, Qnil, SOCK_STREAM, AI_CANONNAME), sock_sockaddr); } diff --git a/ext/socket/tcpsocket.c b/ext/socket/tcpsocket.c index 6217e424d9..65943a7a59 100644 --- a/ext/socket/tcpsocket.c +++ b/ext/socket/tcpsocket.c @@ -50,7 +50,6 @@ tcp_sockaddr(struct sockaddr *addr, socklen_t len) static VALUE tcp_s_gethostbyname(VALUE obj, VALUE host) { - rb_secure(3); return rsock_make_hostent(host, rsock_addrinfo(host, Qnil, SOCK_STREAM, AI_CANONNAME), tcp_sockaddr); } diff --git a/ext/socket/udpsocket.c b/ext/socket/udpsocket.c index c4fdd5a857..3425a50501 100644 --- a/ext/socket/udpsocket.c +++ b/ext/socket/udpsocket.c @@ -30,7 +30,6 @@ udp_init(int argc, VALUE *argv, VALUE sock) int family = AF_INET; int fd; - rb_secure(3); if (rb_scan_args(argc, argv, "01", &arg) == 1) { family = rsock_family_arg(arg); } @@ -85,7 +84,6 @@ udp_connect(VALUE sock, VALUE host, VALUE port) struct udp_arg arg; VALUE ret; - rb_secure(3); arg.res = rsock_addrinfo(host, port, SOCK_DGRAM, 0); GetOpenFile(sock, fptr); arg.fd = fptr->fd; @@ -114,7 +112,6 @@ udp_bind(VALUE sock, VALUE host, VALUE port) struct rb_addrinfo *res0; struct addrinfo *res; - rb_secure(3); res0 = rsock_addrinfo(host, port, SOCK_DGRAM, 0); GetOpenFile(sock, fptr); for (res = res0->ai; res; res = res->ai_next) { @@ -267,4 +264,3 @@ rsock_init_udpsocket(void) rb_define_method(rb_cUDPSocket, "send", udp_send, -1); rb_define_method(rb_cUDPSocket, "recvfrom_nonblock", udp_recvfrom_nonblock, -1); } - @@ -1719,7 +1719,6 @@ newobj_of(VALUE klass, VALUE flags, VALUE v1, VALUE v2, VALUE v3) /* OBJSETUP */ RBASIC(obj)->flags = flags & ~FL_WB_PROTECTED; RBASIC_SET_CLASS_RAW(obj, klass); - if (rb_safe_level() >= 3) FL_SET((obj), FL_TAINT); RANY(obj)->as.values.v1 = v1; RANY(obj)->as.values.v2 = v2; RANY(obj)->as.values.v3 = v3; diff --git a/include/ruby/ruby.h b/include/ruby/ruby.h index b3c05391be..5379cd8e73 100644 --- a/include/ruby/ruby.h +++ b/include/ruby/ruby.h @@ -572,15 +572,15 @@ VALUE rb_get_path(VALUE); VALUE rb_get_path_no_checksafe(VALUE); #define FilePathStringValue(v) ((v) = rb_get_path_no_checksafe(v)) -#define RUBY_SAFE_LEVEL_MAX 3 +#define RUBY_SAFE_LEVEL_MAX 2 void rb_secure(int); int rb_safe_level(void); void rb_set_safe_level(int); #if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4)) -int ruby_safe_level_4_error(void) __attribute__((error("$SAFE=4 is obsolete"))); -int ruby_safe_level_4_warning(void) __attribute__((warning("$SAFE=4 is obsolete"))); +int ruby_safe_level_3_error(void) __attribute__((error("$SAFE=3 and 4 is obsolete"))); +int ruby_safe_level_3_warning(void) __attribute__((warning("$SAFE=3 and 4 is obsolete"))); # ifdef RUBY_EXPORT -# define ruby_safe_level_4_warning() ruby_safe_level_4_error() +# define ruby_safe_level_3_warning() ruby_safe_level_3_error() # endif #if defined(HAVE_BUILTIN___BUILTIN_CHOOSE_EXPR_CONSTANT_P) # define RUBY_SAFE_LEVEL_INVALID_P(level) \ @@ -589,7 +589,7 @@ int ruby_safe_level_4_warning(void) __attribute__((warning("$SAFE=4 is obsolete" __builtin_constant_p(level), \ ((level) < 0 || RUBY_SAFE_LEVEL_MAX < (level)), 0)) # define RUBY_SAFE_LEVEL_CHECK(level, type) \ - __extension__(__builtin_choose_expr(RUBY_SAFE_LEVEL_INVALID_P(level), ruby_safe_level_4_##type(), (level))) + __extension__(__builtin_choose_expr(RUBY_SAFE_LEVEL_INVALID_P(level), ruby_safe_level_3_##type(), (level))) #else /* in gcc 4.8 or earlier, __builtin_choose_expr() does not consider * __builtin_constant_p(variable) a constant expression. @@ -598,7 +598,7 @@ int ruby_safe_level_4_warning(void) __attribute__((warning("$SAFE=4 is obsolete" __extension__(__builtin_constant_p(level) && \ ((level) < 0 || RUBY_SAFE_LEVEL_MAX < (level))) # define RUBY_SAFE_LEVEL_CHECK(level, type) \ - (RUBY_SAFE_LEVEL_INVALID_P(level) ? ruby_safe_level_4_##type() : (level)) + (RUBY_SAFE_LEVEL_INVALID_P(level) ? ruby_safe_level_3_##type() : (level)) #endif #define rb_secure(level) rb_secure(RUBY_SAFE_LEVEL_CHECK(level, warning)) #define rb_set_safe_level(level) rb_set_safe_level(RUBY_SAFE_LEVEL_CHECK(level, error)) @@ -70,7 +70,6 @@ rb_obj_setup(VALUE obj, VALUE klass, VALUE type) { RBASIC(obj)->flags = type; RBASIC_SET_CLASS(obj, klass); - if (rb_safe_level() >= 3) FL_SET((obj), FL_TAINT); return obj; } @@ -982,7 +981,6 @@ rb_obj_taint(VALUE obj) VALUE rb_obj_untaint(VALUE obj) { - rb_secure(3); if (OBJ_TAINTED(obj)) { rb_check_frozen(obj); FL_UNSET(obj, FL_TAINT); @@ -1489,9 +1489,6 @@ rb_reg_search0(VALUE re, VALUE str, long pos, int reverse, int set_backref_str) if (err) rb_memerror(); } else { - if (rb_safe_level() >= 3) - OBJ_TAINT(match); - else FL_UNSET(match, FL_TAINT); } @@ -25,7 +25,7 @@ #undef rb_secure #undef rb_set_safe_level -#undef ruby_safe_level_4_warning +#undef ruby_safe_level_3_warning int ruby_safe_level_4_warning(void) @@ -52,7 +52,7 @@ rb_set_safe_level(int level) if (level > th->safe_level) { if (level > SAFE_LEVEL_MAX) { - rb_raise(rb_eArgError, "$SAFE=4 is obsolete"); + rb_raise(rb_eArgError, "$SAFE=3 and 4 is obsolete"); } th->safe_level = level; } @@ -79,7 +79,7 @@ safe_setter(VALUE val) rb_warning("$SAFE=3 does no sandboxing"); } if (level > SAFE_LEVEL_MAX) { - rb_raise(rb_eArgError, "$SAFE=4 is obsolete"); + rb_raise(rb_eArgError, "$SAFE=3 and 4 is obsolete"); } th->safe_level = level; } diff --git a/test/erb/test_erb.rb b/test/erb/test_erb.rb index 107ad1a0da..150df1dc26 100644 --- a/test/erb/test_erb.rb +++ b/test/erb/test_erb.rb @@ -90,13 +90,6 @@ class TestERBCore < Test::Unit::TestCase _test_core(0) _test_core(1) _test_core(2) - orig = $VERBOSE - begin - $VERBOSE = false - _test_core(3) - ensure - $VERBOSE = orig - end end def _test_core(safe) diff --git a/test/ruby/test_dir.rb b/test/ruby/test_dir.rb index 9e92286905..44c9b7c5f7 100644 --- a/test/ruby/test_dir.rb +++ b/test/ruby/test_dir.rb @@ -325,21 +325,4 @@ class TestDir < Test::Unit::TestCase end } end - - def test_insecure_chdir - assert_raise(SecurityError) do - proc do - $SAFE=3 - Dir.chdir("/") - end.call - end - m = "\u{79fb 52d5}" - d = Class.new(Dir) {singleton_class.class_eval {alias_method m, :chdir}} - assert_raise_with_message(SecurityError, /#{m}/) do - proc do - $SAFE=3 - d.__send__(m, "/") - end.call - end - end end diff --git a/test/ruby/test_file.rb b/test/ruby/test_file.rb index a700527a4e..8335b78760 100644 --- a/test/ruby/test_file.rb +++ b/test/ruby/test_file.rb @@ -409,12 +409,6 @@ class TestFile < Test::Unit::TestCase (0..1).each do |level| assert_nothing_raised(SecurityError, bug5374) {in_safe[level]} end - def (s = Object.new).to_path; "".taint; end - m = "\u{691c 67fb}" - (c = Class.new(File)).singleton_class.class_eval {alias_method m, :stat} - assert_raise_with_message(SecurityError, /#{m}/) { - proc {$SAFE = 3; c.__send__(m, s)}.call - } end if /(bcc|ms|cyg)win|mingw|emx/ =~ RUBY_PLATFORM diff --git a/test/ruby/test_method.rb b/test/ruby/test_method.rb index 04042448fc..1cff8318ab 100644 --- a/test/ruby/test_method.rb +++ b/test/ruby/test_method.rb @@ -879,19 +879,6 @@ class TestMethod < Test::Unit::TestCase assert_equal n , rest_parameter(*(1..n)).size, '[Feature #10440]' end - def test_insecure_method - m = "\u{5371 967a}" - c = Class.new do - proc {$SAFE=3;def foo;end}.call - alias_method m, "foo" - eval "def bar; #{m}; end" - end - obj = c.new - assert_raise_with_message(SecurityError, /#{m}/) do - obj.bar - end - end - class C D = "Const_D" def foo diff --git a/test/ruby/test_regexp.rb b/test/ruby/test_regexp.rb index cef21b99aa..a3fdd59738 100644 --- a/test/ruby/test_regexp.rb +++ b/test/ruby/test_regexp.rb @@ -585,19 +585,6 @@ class TestRegexp < Test::Unit::TestCase assert_equal(3, "foobarbaz\u3042".rindex(/b../n, 5)) end - def test_taint - m = Thread.new do - "foo"[/foo/] - $SAFE = 3 - /foo/.match("foo") - end.value - assert_predicate(m, :tainted?) - assert_nothing_raised('[ruby-core:26137]') { - m = proc {$SAFE = 3; %r"#{ }"o}.call - } - assert_predicate(m, :tainted?) - end - def assert_regexp(re, ss, fs = [], msg = nil) re = Regexp.new(re) unless re.is_a?(Regexp) ss = [ss] unless ss.is_a?(Array) diff --git a/test/ruby/test_thread.rb b/test/ruby/test_thread.rb index 0eb57628d3..be8a28a14b 100644 --- a/test/ruby/test_thread.rb +++ b/test/ruby/test_thread.rb @@ -389,14 +389,14 @@ class TestThread < Test::Unit::TestCase ok = false t = Thread.new do EnvUtil.suppress_warning do - $SAFE = 3 + $SAFE = 1 end ok = true sleep end Thread.pass until ok assert_equal(0, Thread.current.safe_level) - assert_equal(3, t.safe_level) + assert_equal(1, t.safe_level) ensure t.kill if t |