Commit Graph

26 Commits

Author SHA1 Message Date
Nobuyoshi Nakada a79907ed5e [ruby/tmpdir] Reject empty parent path
https://github.com/ruby/tmpdir/commit/628c5bdc59
2024-09-10 08:44:50 +00:00
Nobuyoshi Nakada 3e605a7819 [ruby/tmpdir] [Bug #18933] Make `Dir.mktmpdir` Ractor-safe
Fix https://bugs.ruby-lang.org/issues/18933

https://github.com/ruby/tmpdir/commit/446e636434
2023-07-03 05:47:43 +00:00
Nobuyoshi Nakada cb80ee7a4a [ruby/tmpdir] Warnings should contain the environment variable name
2022-10-27 03:12:00 +00:00
Nobuyoshi Nakada 114e71d062 [ruby/tmpdir] Ignore empty environment variables
Fixes https://github.com/ruby/tmpdir/pull/17

https://github.com/ruby/tmpdir/commit/a79c727a5d
2022-10-25 07:54:40 +00:00
Hiroshi SHIBATA 34ebf82e83 [ruby/tmpdir] Use omit instead of skip for test-unit
https://github.com/ruby/tmpdir/commit/40107b59b3
2022-01-11 21:50:53 +09:00
Nobuyoshi Nakada 4b6fa03a72 [ruby/tmpdir] Make usable chars more strict
Remove other than alphanumeric and some punctuations considered
filesystem-safe, instead of removing some unsafe chars only.

https://hackerone.com/reports/1131465

https://github.com/ruby/tmpdir/commit/adf294bc2d
2021-04-05 21:08:57 +09:00
Nobuyoshi Nakada edb5c67195 [ruby/tmpdir] Warn when environment variables skipped (fixes #2)
https://github.com/ruby/tmpdir/commit/af7b020a89
2020-09-14 18:22:37 +09:00
Nobuyoshi Nakada df1c035d03 [ruby/tmpdir] Test "not writable" case
https://github.com/ruby/tmpdir/commit/84684d80f9
2020-09-14 18:22:19 +09:00
Nobuyoshi Nakada 04de778ef1 [ruby/tmpdir] Test "not a directory" cases
https://github.com/ruby/tmpdir/commit/f335f2c23e
2020-09-14 18:22:09 +09:00
Nobuyoshi Nakada f7f849e30c [ruby/tmpdir] Test also TMP and TEMP environment variables
https://github.com/ruby/tmpdir/commit/414c00ebe6
2020-09-14 18:21:59 +09:00
Nobuyoshi Nakada 50bce2065d [ruby/tmpdir] Prefer better failure message
https://github.com/ruby/tmpdir/commit/ac12877306
2020-09-14 18:21:46 +09:00
Jeremy Evans 2ecfb88ee5 Correctly remove temporary directory if path yielded is mutated
Another approach would be to freeze the string, but that could
cause backwards compatibility issues.

Fixes [Bug #16918]
2020-05-29 07:06:46 -07:00
Jeremy Evans c5c05460ac Warn on access/modify of $SAFE, and remove effects of modifying $SAFE
This removes the security features added by $SAFE = 1, and warns for access
or modification of $SAFE from Ruby-level, as well as warning when calling
all public C functions related to $SAFE.

This modifies some internal functions that took a safe level argument
to no longer take the argument.

rb_require_safe now warns, rb_require_string has been added as a
version that takes a VALUE and does not warn.

One public C function that still takes a safe level argument and that
this doesn't warn for is rb_eval_cmd.  We may want to consider
adding an alternative method that does not take a safe level argument,
and warn for rb_eval_cmd.
2019-11-18 01:00:25 +02:00
Nobuyoshi Nakada fee5cde00b Fix tests for CVE-2018-6914
Since the current working directory is not involved in `Tempfile`
and `Dir.mktmpdir` (except for the last resort), it is incorrect
to derive the traversal path from it.  Also, since the rubyspec
temporary directory is created under the build directory, this is
not involved in the target method.  Fixed sporadic errors in
test-spec.
2019-10-29 22:40:41 +09:00
nobu 1fae154c07 tmpdir.rb: permission of user given directory
* lib/tmpdir.rb (Dir.mktmpdir): check if the permission of the
  parent directory only when using the default temporary
  directory, and no check against user given directory.  the
  security is the user's responsibility in that case.
  [ruby-core:91216] [Bug #15555]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66909 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-01-23 06:06:47 +00:00
normal e22f3bf91f test/test_{tempfile,tmpdir}: get rid of leftover files
I ran out of inodes in $TMPDIR

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63947 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-07-11 08:33:37 +00:00
hsbt 10b96900b9 Ignore file separator from tmpfile/tmpdir name.
From: SHIBATA Hiroshi <hsbt@ruby-lang.org>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62990 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-03-28 10:03:03 +00:00
ko1 c39bdb798d `$SAFE` as a process global state. [Feature #14250]
* vm_core.h (rb_vm_t): move `rb_execution_context_t::safe_level` to
  `rb_vm_t::safe_level_` because `$SAFE` is a process (VM) global state.

* vm_core.h (rb_proc_t): remove `rb_proc_t::safe_level` because `Proc`
  objects don't need to keep `$SAFE` at the creation.
  Also make `is_from_method` and `is_lambda` as 1 bit fields.

* cont.c (cont_restore_thread): no need to keep `$SAFE` for Continuation.

* eval.c (ruby_cleanup): use `rb_set_safe_level_force()` instead of accessing
  `vm->safe_level_` directly.

* eval_jump.c: End procs `END{}` doesn't keep `$SAFE`.

* proc.c (proc_dup): removed and introduce `rb_proc_dup` in vm.c.

* safe.c (rb_set_safe_level): don't check `$SAFE` 1 -> 0 changes.

* safe.c (safe_setter): use `rb_set_safe_level()`.

* thread.c (rb_thread_safe_level): `Thread#safe_level` returns `$SAFE`.
  It should be obsolete.

* transcode.c (load_transcoder_entry): `rb_safe_level()` only returns
  0 or 1 so that this check is not needed.

* vm.c (vm_proc_create_from_captured): don't need to keep `$SAFE` for Proc.

* vm.c (rb_proc_create): renamed to `proc_create`.

* vm.c (rb_proc_dup): moved from proc.c.

* vm.c (vm_invoke_proc): do not need to set and restore `$SAFE`
  for `Proc#call`.

* vm_eval.c (rb_eval_cmd): rename a local variable to represent clearer
  meaning.

* lib/drb/drb.rb: restore `$SAFE`.

* lib/erb.rb: restore `$SAFE`, too.

* test/lib/leakchecker.rb: check `$SAFE == 0` at the end of tests.

* test/rubygems/test_gem.rb: do not set `$SAFE = 1`.

* bootstraptest/test_proc.rb: catch up this change.

* spec/ruby/optional/capi/string_spec.rb: ditto.

* test/bigdecimal/test_bigdecimal.rb: ditto.

* test/fiddle/test_func.rb: ditto.

* test/fiddle/test_handle.rb: ditto.

* test/net/imap/test_imap_response_parser.rb: ditto.

* test/pathname/test_pathname.rb: ditto.

* test/readline/test_readline.rb: ditto.

* test/ruby/test_file.rb: ditto.

* test/ruby/test_optimization.rb: ditto.

* test/ruby/test_proc.rb: ditto.

* test/ruby/test_require.rb: ditto.

* test/ruby/test_thread.rb: ditto.

* test/rubygems/test_gem_specification.rb: ditto.

* test/test_tempfile.rb: ditto.

* test/test_tmpdir.rb: ditto.

* test/win32ole/test_win32ole.rb: ditto.

* test/win32ole/test_win32ole_event.rb: ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61510 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-28 20:09:24 +00:00
kazu 0c9e2cf264 test/test_tmpdir.rb: Specify frozen_string_literal: true.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57408 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-01-23 15:47:32 +00:00
naruse 3e92b635fb Add frozen_string_literal: false for all files
When you change this to true, you may need to add more tests.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-16 05:07:31 +00:00
akr 83da44790b * lib/tmpdir.rb (Dir.tmpdir): return duplicated string to be
modified safely even when $SAFE > 0.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52062 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-10-06 12:40:41 +00:00
akr fa9f7c2557 Add a test for Dir.mktmpdir(nil) [ruby-core:66943] [Bug #10616].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48906 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-20 08:58:30 +00:00
nobu 5c7027d227 test_tmpdir.rb: remove tmpdir
* test/test_tmpdir.rb (TestTmpdir#test_no_homedir): remove created
  tmpdir.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38669 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-01-01 14:35:04 +00:00
nobu 6f8bce9eff tmpdir.rb: not expand tilde
* lib/tmpdir.rb (Dir::Tmpname#create): deal with a prefix name which
  starts with tilde as a plain name, not expanding as home directory.
  [ruby-core:50793] [Bug #7547]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38348 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-12-12 12:40:51 +00:00
usa 005953a17b * test/test_tmpdir.rb (TestTmpdir#test_world_writable): skip on Windows.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35014 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-03-14 07:42:30 +00:00
nobu bcb9e567c4 * lib/tmpdir.rb (Dir.tmpdir): should not use world-writable but
non-sticky directory.
* lib/tmpdir.rb (Dir.mktmpdir): check the parent directory.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34979 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-03-11 22:19:06 +00:00