* NEWS: add notes for $SAFE.

* doc/security.rd: remove the description of $SAFE=4. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41290 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-06-14 00:53:37 +00:00 · 2013-06-14 00:53:37 +00:00 · 73a229c3a5
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Fri Jun 14 09:48:48 2013  Shugo Maeda  <shugo@ruby-lang.org>
+
+	* NEWS: add notes for $SAFE.
+
+	* doc/security.rd: remove the description of $SAFE=4.
+
 Fri Jun 14 00:14:29 2013  Tanaka Akira  <akr@fsij.org>

 	* bignum.c (bigdivrem): Zero test condition simplified.
--- a/10
+++ b/10
@ -43,6 +43,10 @@ with all sufficient information, see the ChangeLog file.

 === Core classes compatibility issues (excluding feature bug fixes)

+* Kernel#untrusted?, untrust, and trust
+  * These methods are deprecated and their behavior is same as tainted?,
+    taint, and untaint, respectively.  If $VERBOSE is true, they show warnings.
+
 * IO
  * incompatible changes:
    * open ignore internal encoding if external encoding is ASCII-8BIT.
@ -120,4 +124,10 @@ with all sufficient information, see the ChangeLog file.
      It gets encoding argument to convert before percent encode.
      UTF-16 strings aren't converted to UTF-8 before percent encode by default.

+=== Built-in global variables compatibility issues
+
+* $SAFE
+  * $SAFE=4 is obsolete.  If $SAFE is set to 4 or larger, an ArgumentError
+    is raised.
+
 === C API updates
--- a/doc/security.rdoc
+++ b/doc/security.rdoc
@ -21,12 +21,7 @@ Ruby provides a mechanism to restrict what operations can be performed by Ruby
 code in the form of the <code>$SAFE</code> variable.

 However, <code>$SAFE</code> does not provide a secure environment for executing
-untrusted code even at its maximum level of +4+. <code>$SAFE</code> is
-inherently flawed as a security mechanism, as it relies on every unsafe
-operation performed by any C method to be guarded by a <code>$SAFE</code>
-check. If this check is ever missed, the entire security of the system is
-compromised. <code>$SAFE</code> also does not offer any protection against
-denial of service attacks.
+untrusted code.

 If you need to execute untrusted code, you should use an operating system level
 sandboxing mechanism. On Linux, ptrace or LXC can be used to sandbox