2008-09-22 21:10:02 -04:00
|
|
|
/**********************************************************************
|
|
|
|
|
2010-11-23 09:36:37 -05:00
|
|
|
safe.c -
|
2008-09-22 21:10:02 -04:00
|
|
|
|
|
|
|
$Author$
|
|
|
|
created at: Tue Sep 23 09:44:32 JST 2008
|
|
|
|
|
|
|
|
Copyright (C) 2008 Yukihiro Matsumoto
|
|
|
|
|
|
|
|
**********************************************************************/
|
2006-12-31 10:02:22 -05:00
|
|
|
|
|
|
|
/* safe-level:
|
|
|
|
0 - strings from streams/environment/ARGV are tainted (default)
|
|
|
|
1 - no dangerous operation by tainted value
|
|
|
|
2 - process/file operations prohibited
|
|
|
|
3 - all generated objects are tainted
|
|
|
|
*/
|
|
|
|
|
* safe.c (rb_set_safe_level, safe_setter): raise an ArgumentError
when $SAFE is set to 4. $SAFE=4 is now obsolete.
[ruby-core:55222] [Feature #8468]
* object.c (rb_obj_untrusted, rb_obj_untrust, rb_obj_trust):
Kernel#untrusted?, untrust, and trust are now deprecated.
Their behavior is same as tainted?, taint, and untaint,
respectively.
* include/ruby/ruby.h (OBJ_UNTRUSTED, OBJ_UNTRUST): OBJ_UNTRUSTED()
and OBJ_UNTRUST() are aliases of OBJ_TAINTED() and OBJ_TAINT(),
respectively.
* array.c, class.c, debug.c, dir.c, encoding.c, error.c, eval.c,
ext/curses/curses.c, ext/dbm/dbm.c, ext/dl/cfunc.c,
ext/dl/cptr.c, ext/dl/dl.c, ext/etc/etc.c, ext/fiddle/fiddle.c,
ext/fiddle/pointer.c, ext/gdbm/gdbm.c, ext/readline/readline.c,
ext/sdbm/init.c, ext/socket/ancdata.c, ext/socket/basicsocket.c,
ext/socket/socket.c, ext/socket/udpsocket.c,
ext/stringio/stringio.c, ext/syslog/syslog.c, ext/tk/tcltklib.c,
ext/win32ole/win32ole.c, file.c, gc.c, hash.c, io.c, iseq.c,
load.c, marshal.c, object.c, proc.c, process.c, random.c, re.c,
safe.c, string.c, thread.c, transcode.c, variable.c,
vm_insnhelper.c, vm_method.c, vm_trace.c: remove code for
$SAFE=4.
* test/dl/test_dl2.rb, test/erb/test_erb.rb,
test/readline/test_readline.rb,
test/readline/test_readline_history.rb, test/ruby/test_alias.rb,
test/ruby/test_array.rb, test/ruby/test_dir.rb,
test/ruby/test_encoding.rb, test/ruby/test_env.rb,
test/ruby/test_eval.rb, test/ruby/test_exception.rb,
test/ruby/test_file_exhaustive.rb, test/ruby/test_hash.rb,
test/ruby/test_io.rb, test/ruby/test_method.rb,
test/ruby/test_module.rb, test/ruby/test_object.rb,
test/ruby/test_pack.rb, test/ruby/test_rand.rb,
test/ruby/test_regexp.rb, test/ruby/test_settracefunc.rb,
test/ruby/test_struct.rb, test/ruby/test_thread.rb,
test/ruby/test_time.rb: remove tests for $SAFE=4.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41259 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-06-12 10:20:51 -04:00
|
|
|
#define SAFE_LEVEL_MAX 3
|
2007-06-24 15:23:24 -04:00
|
|
|
|
2008-09-22 21:10:02 -04:00
|
|
|
#include "ruby/ruby.h"
|
|
|
|
#include "vm_core.h"
|
|
|
|
|
2007-06-24 16:33:04 -04:00
|
|
|
/* $SAFE accessor */
|
|
|
|
|
2006-12-31 10:02:22 -05:00
|
|
|
int
|
|
|
|
rb_safe_level(void)
|
|
|
|
{
|
|
|
|
return GET_THREAD()->safe_level;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
rb_set_safe_level_force(int safe)
|
|
|
|
{
|
|
|
|
GET_THREAD()->safe_level = safe;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
rb_set_safe_level(int level)
|
|
|
|
{
|
* blockinlining.c, error.c, eval.c, eval_error.h, eval_intern.h,
eval_jump.h, eval_load.c, eval_safe.h, gc.c, proc.c, signal.c,
thread.c, thread_pthread.ci, thread_win32.ci, vm.c, vm.h,
vm_dump.c, vm_evalbody.ci, yarvcore.c, yarvcore.h:
fix typo (rb_thead_t -> rb_thread_t).
* eval_intern.h: remove unused definitions.
* common.mk: fix around vm_opts.h path
and remove harmful argument passed to insns2vm.rb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11658 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-02-08 01:37:46 -05:00
|
|
|
rb_thread_t *th = GET_THREAD();
|
2006-12-31 10:02:22 -05:00
|
|
|
|
|
|
|
if (level > th->safe_level) {
|
|
|
|
if (level > SAFE_LEVEL_MAX) {
|
* safe.c (rb_set_safe_level, safe_setter): raise an ArgumentError
when $SAFE is set to 4. $SAFE=4 is now obsolete.
[ruby-core:55222] [Feature #8468]
* object.c (rb_obj_untrusted, rb_obj_untrust, rb_obj_trust):
Kernel#untrusted?, untrust, and trust are now deprecated.
Their behavior is same as tainted?, taint, and untaint,
respectively.
* include/ruby/ruby.h (OBJ_UNTRUSTED, OBJ_UNTRUST): OBJ_UNTRUSTED()
and OBJ_UNTRUST() are aliases of OBJ_TAINTED() and OBJ_TAINT(),
respectively.
* array.c, class.c, debug.c, dir.c, encoding.c, error.c, eval.c,
ext/curses/curses.c, ext/dbm/dbm.c, ext/dl/cfunc.c,
ext/dl/cptr.c, ext/dl/dl.c, ext/etc/etc.c, ext/fiddle/fiddle.c,
ext/fiddle/pointer.c, ext/gdbm/gdbm.c, ext/readline/readline.c,
ext/sdbm/init.c, ext/socket/ancdata.c, ext/socket/basicsocket.c,
ext/socket/socket.c, ext/socket/udpsocket.c,
ext/stringio/stringio.c, ext/syslog/syslog.c, ext/tk/tcltklib.c,
ext/win32ole/win32ole.c, file.c, gc.c, hash.c, io.c, iseq.c,
load.c, marshal.c, object.c, proc.c, process.c, random.c, re.c,
safe.c, string.c, thread.c, transcode.c, variable.c,
vm_insnhelper.c, vm_method.c, vm_trace.c: remove code for
$SAFE=4.
* test/dl/test_dl2.rb, test/erb/test_erb.rb,
test/readline/test_readline.rb,
test/readline/test_readline_history.rb, test/ruby/test_alias.rb,
test/ruby/test_array.rb, test/ruby/test_dir.rb,
test/ruby/test_encoding.rb, test/ruby/test_env.rb,
test/ruby/test_eval.rb, test/ruby/test_exception.rb,
test/ruby/test_file_exhaustive.rb, test/ruby/test_hash.rb,
test/ruby/test_io.rb, test/ruby/test_method.rb,
test/ruby/test_module.rb, test/ruby/test_object.rb,
test/ruby/test_pack.rb, test/ruby/test_rand.rb,
test/ruby/test_regexp.rb, test/ruby/test_settracefunc.rb,
test/ruby/test_struct.rb, test/ruby/test_thread.rb,
test/ruby/test_time.rb: remove tests for $SAFE=4.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41259 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-06-12 10:20:51 -04:00
|
|
|
rb_raise(rb_eArgError, "$SAFE=4 is obsolete");
|
2006-12-31 10:02:22 -05:00
|
|
|
}
|
|
|
|
th->safe_level = level;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static VALUE
|
|
|
|
safe_getter(void)
|
|
|
|
{
|
|
|
|
return INT2NUM(rb_safe_level());
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
safe_setter(VALUE val)
|
|
|
|
{
|
|
|
|
int level = NUM2INT(val);
|
* blockinlining.c, error.c, eval.c, eval_error.h, eval_intern.h,
eval_jump.h, eval_load.c, eval_safe.h, gc.c, proc.c, signal.c,
thread.c, thread_pthread.ci, thread_win32.ci, vm.c, vm.h,
vm_dump.c, vm_evalbody.ci, yarvcore.c, yarvcore.h:
fix typo (rb_thead_t -> rb_thread_t).
* eval_intern.h: remove unused definitions.
* common.mk: fix around vm_opts.h path
and remove harmful argument passed to insns2vm.rb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11658 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-02-08 01:37:46 -05:00
|
|
|
rb_thread_t *th = GET_THREAD();
|
2006-12-31 10:02:22 -05:00
|
|
|
|
|
|
|
if (level < th->safe_level) {
|
|
|
|
rb_raise(rb_eSecurityError,
|
|
|
|
"tried to downgrade safe level from %d to %d",
|
|
|
|
th->safe_level, level);
|
|
|
|
}
|
2008-11-07 15:35:10 -05:00
|
|
|
if (level == 3) {
|
* safe.c (rb_set_safe_level, safe_setter): raise an ArgumentError
when $SAFE is set to 4. $SAFE=4 is now obsolete.
[ruby-core:55222] [Feature #8468]
* object.c (rb_obj_untrusted, rb_obj_untrust, rb_obj_trust):
Kernel#untrusted?, untrust, and trust are now deprecated.
Their behavior is same as tainted?, taint, and untaint,
respectively.
* include/ruby/ruby.h (OBJ_UNTRUSTED, OBJ_UNTRUST): OBJ_UNTRUSTED()
and OBJ_UNTRUST() are aliases of OBJ_TAINTED() and OBJ_TAINT(),
respectively.
* array.c, class.c, debug.c, dir.c, encoding.c, error.c, eval.c,
ext/curses/curses.c, ext/dbm/dbm.c, ext/dl/cfunc.c,
ext/dl/cptr.c, ext/dl/dl.c, ext/etc/etc.c, ext/fiddle/fiddle.c,
ext/fiddle/pointer.c, ext/gdbm/gdbm.c, ext/readline/readline.c,
ext/sdbm/init.c, ext/socket/ancdata.c, ext/socket/basicsocket.c,
ext/socket/socket.c, ext/socket/udpsocket.c,
ext/stringio/stringio.c, ext/syslog/syslog.c, ext/tk/tcltklib.c,
ext/win32ole/win32ole.c, file.c, gc.c, hash.c, io.c, iseq.c,
load.c, marshal.c, object.c, proc.c, process.c, random.c, re.c,
safe.c, string.c, thread.c, transcode.c, variable.c,
vm_insnhelper.c, vm_method.c, vm_trace.c: remove code for
$SAFE=4.
* test/dl/test_dl2.rb, test/erb/test_erb.rb,
test/readline/test_readline.rb,
test/readline/test_readline_history.rb, test/ruby/test_alias.rb,
test/ruby/test_array.rb, test/ruby/test_dir.rb,
test/ruby/test_encoding.rb, test/ruby/test_env.rb,
test/ruby/test_eval.rb, test/ruby/test_exception.rb,
test/ruby/test_file_exhaustive.rb, test/ruby/test_hash.rb,
test/ruby/test_io.rb, test/ruby/test_method.rb,
test/ruby/test_module.rb, test/ruby/test_object.rb,
test/ruby/test_pack.rb, test/ruby/test_rand.rb,
test/ruby/test_regexp.rb, test/ruby/test_settracefunc.rb,
test/ruby/test_struct.rb, test/ruby/test_thread.rb,
test/ruby/test_time.rb: remove tests for $SAFE=4.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41259 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-06-12 10:20:51 -04:00
|
|
|
rb_warning("$SAFE=3 does no sandboxing");
|
2008-11-07 15:35:10 -05:00
|
|
|
}
|
2006-12-31 10:02:22 -05:00
|
|
|
if (level > SAFE_LEVEL_MAX) {
|
* safe.c (rb_set_safe_level, safe_setter): raise an ArgumentError
when $SAFE is set to 4. $SAFE=4 is now obsolete.
[ruby-core:55222] [Feature #8468]
* object.c (rb_obj_untrusted, rb_obj_untrust, rb_obj_trust):
Kernel#untrusted?, untrust, and trust are now deprecated.
Their behavior is same as tainted?, taint, and untaint,
respectively.
* include/ruby/ruby.h (OBJ_UNTRUSTED, OBJ_UNTRUST): OBJ_UNTRUSTED()
and OBJ_UNTRUST() are aliases of OBJ_TAINTED() and OBJ_TAINT(),
respectively.
* array.c, class.c, debug.c, dir.c, encoding.c, error.c, eval.c,
ext/curses/curses.c, ext/dbm/dbm.c, ext/dl/cfunc.c,
ext/dl/cptr.c, ext/dl/dl.c, ext/etc/etc.c, ext/fiddle/fiddle.c,
ext/fiddle/pointer.c, ext/gdbm/gdbm.c, ext/readline/readline.c,
ext/sdbm/init.c, ext/socket/ancdata.c, ext/socket/basicsocket.c,
ext/socket/socket.c, ext/socket/udpsocket.c,
ext/stringio/stringio.c, ext/syslog/syslog.c, ext/tk/tcltklib.c,
ext/win32ole/win32ole.c, file.c, gc.c, hash.c, io.c, iseq.c,
load.c, marshal.c, object.c, proc.c, process.c, random.c, re.c,
safe.c, string.c, thread.c, transcode.c, variable.c,
vm_insnhelper.c, vm_method.c, vm_trace.c: remove code for
$SAFE=4.
* test/dl/test_dl2.rb, test/erb/test_erb.rb,
test/readline/test_readline.rb,
test/readline/test_readline_history.rb, test/ruby/test_alias.rb,
test/ruby/test_array.rb, test/ruby/test_dir.rb,
test/ruby/test_encoding.rb, test/ruby/test_env.rb,
test/ruby/test_eval.rb, test/ruby/test_exception.rb,
test/ruby/test_file_exhaustive.rb, test/ruby/test_hash.rb,
test/ruby/test_io.rb, test/ruby/test_method.rb,
test/ruby/test_module.rb, test/ruby/test_object.rb,
test/ruby/test_pack.rb, test/ruby/test_rand.rb,
test/ruby/test_regexp.rb, test/ruby/test_settracefunc.rb,
test/ruby/test_struct.rb, test/ruby/test_thread.rb,
test/ruby/test_time.rb: remove tests for $SAFE=4.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41259 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-06-12 10:20:51 -04:00
|
|
|
rb_raise(rb_eArgError, "$SAFE=4 is obsolete");
|
2006-12-31 10:02:22 -05:00
|
|
|
}
|
|
|
|
th->safe_level = level;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
rb_secure(int level)
|
|
|
|
{
|
|
|
|
if (level <= rb_safe_level()) {
|
2013-05-24 18:03:41 -04:00
|
|
|
ID caller_name = rb_frame_callee();
|
|
|
|
if (caller_name) {
|
2006-12-31 10:02:22 -05:00
|
|
|
rb_raise(rb_eSecurityError, "Insecure operation `%s' at level %d",
|
2013-05-24 18:03:41 -04:00
|
|
|
rb_id2name(caller_name), rb_safe_level());
|
2006-12-31 10:02:22 -05:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
rb_raise(rb_eSecurityError, "Insecure operation at level %d",
|
|
|
|
rb_safe_level());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
rb_secure_update(VALUE obj)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
2009-06-23 08:28:16 -04:00
|
|
|
void
|
|
|
|
rb_insecure_operation(void)
|
|
|
|
{
|
2013-05-24 18:03:41 -04:00
|
|
|
ID caller_name = rb_frame_callee();
|
|
|
|
if (caller_name) {
|
2009-06-23 08:28:16 -04:00
|
|
|
rb_raise(rb_eSecurityError, "Insecure operation - %s",
|
2013-05-24 18:03:41 -04:00
|
|
|
rb_id2name(caller_name));
|
2009-06-23 08:28:16 -04:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
rb_raise(rb_eSecurityError, "Insecure operation: -r");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-12-31 10:02:22 -05:00
|
|
|
void
|
|
|
|
rb_check_safe_obj(VALUE x)
|
|
|
|
{
|
|
|
|
if (rb_safe_level() > 0 && OBJ_TAINTED(x)) {
|
2009-06-23 08:28:16 -04:00
|
|
|
rb_insecure_operation();
|
2006-12-31 10:02:22 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
rb_check_safe_str(VALUE x)
|
|
|
|
{
|
|
|
|
rb_check_safe_obj(x);
|
2011-09-29 07:07:45 -04:00
|
|
|
if (!RB_TYPE_P(x, T_STRING)) {
|
2006-12-31 10:02:22 -05:00
|
|
|
rb_raise(rb_eTypeError, "wrong argument type %s (expected String)",
|
|
|
|
rb_obj_classname(x));
|
|
|
|
}
|
|
|
|
}
|
2008-09-22 21:10:02 -04:00
|
|
|
|
|
|
|
void
|
|
|
|
Init_safe(void)
|
|
|
|
{
|
|
|
|
rb_define_virtual_variable("$SAFE", safe_getter, safe_setter);
|
|
|
|
}
|