Florian Gross
Moin!
This ruby one-liner

    ruby -ve "$SAFE = 5; system 'echo Was able to run an arbitrary command in safe mode.'"

produces this scary result:

    ruby 1.8.0 (2003-08-04) [i386-mswin32]
    Was able to run an arbitrary command in safe mode.
IMHO this effectively disables all the security which $SAFE ought to
give you and should be fixed in the ruby interpreter.
However, it can also be fixed without patching ruby with a few simple
lines of ruby code, so you can patch existing applications as soon as
possible:
    kernel_meta = class << Kernel; self; end
    [kernel_meta, Object].each { |c| c.module_eval {
      # keep a handle on the original #system before shadowing it
      old_system = instance_method(:system)
      define_method(:system) { |*args|
        raise(SecurityError, "I'm afraid I can't do that, Dave") \
          if $SAFE > 1
        old_system.bind(self).call(*args)
      }
    } }
Regards,
Florian Gross
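As an added example (not code from the original post), here is a generalised form of the guard above. Because $SAFE no longer exists in current Ruby, the policy is a plain module flag, ShellGuard.restricted (an assumption of this example), and the wrapper covers every Kernel method that starts a subprocess rather than only system.

```ruby
# Added example, not Florian Gross's code. $SAFE is gone from current Ruby,
# so the policy here is a module flag (an assumption of this example); the
# wrapper covers every Kernel method that starts a subprocess.
module ShellGuard
  # Kernel entry points that hand a string to the shell or fork a process.
  SPAWNERS = [:system, :exec, :spawn, :`].freeze

  class << self
    attr_accessor :restricted
  end
  self.restricted = false

  # Wrap the spawners on Kernel's singleton class (Kernel.system) and on
  # Object (bare system(...) calls), mirroring the structure of the post.
  def self.install!
    return if @installed
    @installed = true
    kernel_meta = class << Kernel; self; end
    [kernel_meta, Object].each do |target|
      target.module_eval do
        SPAWNERS.each do |name|
          original = instance_method(name)
          define_method(name) do |*args, &blk|
            if ShellGuard.restricted
              raise SecurityError, "#{name} blocked: ShellGuard is restricted"
            end
            original.bind(self).call(*args, &blk)
          end
          # Kernel's instance methods are private; keep them private on Object
          # so the wrapper does not widen the API (Kernel.system stays public).
          private name if target == Object
        end
      end
    end
  end

  # Run a block and return :blocked if the guard refused it, else its value.
  def self.attempt
    yield
  rescue SecurityError
    :blocked
  end
end
```

Once ShellGuard.install! has run, flipping ShellGuard.restricted to true makes system, exec, spawn and backticks raise SecurityError whether called bare or via Kernel, while unrestricted callers see the original behaviour.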