add safe_leve, default_safe_level ([druby-ja:120])

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7966 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2005-02-13 15:13:54 +00:00 · 2005-02-13 15:13:54 +00:00 · 2681be1eed
commit 2681be1eed
parent 1a22e46d60
5 changed files with 65 additions and 9 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+Mon Feb 14 00:10:17 2005  Masatoshi SEKI  <m_seki@mva.biglobe.ne.jp>
+
+	* lib/drb/drb.rb (DRbServer): add default_safe_level, safe_level,
+	  config[:safe_level] ([druby-ja:120])
+
+	* test/drb/test_drb.rb, ut_eval.rb, ut_safe1.rb: ditto.
+
 Sun Feb 13 23:13:46 2005  Kouhei Sutou  <kou@cozmixng.org>

 	* lib/rss/dublincore.rb (RSS::DublicCoreModel#date{,=}): added
--- a/lib/drb/drb.rb
+++ b/lib/drb/drb.rb
@ -1186,6 +1186,7 @@ module DRb
    @@argc_limit = 256
    @@load_limit = 256 * 102400
    @@verbose = false
+    @@safe_level = 0

    # Set the default value for the :argc_limit option.
    #
@ -1215,6 +1216,10 @@ module DRb
      @@idconv = idconv
    end

+    def self.default_sefe_level(level)
+      @@level = level
+    end
+
    # Set the default value of the :verbose option.
    #
    # See #new().  The initial default value is false.
@ -1233,7 +1238,8 @@ module DRb
 	:verbose => @@verbose,
 	:tcp_acl => @@acl,
 	:load_limit => @@load_limit,
-	:argc_limit => @@argc_limit
+	:argc_limit => @@argc_limit,
+        :safe_level => @@safe_level
      }
      default_config.update(hash)
    end
@ -1298,6 +1304,7 @@ module DRb

      @front = front
      @idconv = @config[:idconv]
+      @safe_level = @config[:safe_level]

      @grp = ThreadGroup.new
      @thread = run
@ -1326,6 +1333,8 @@ module DRb
    # The configuration of this DRbServer
    attr_reader :config

+    attr_reader :safe_level
+
    # Set whether to operate in verbose mode.
    #
    # In verbose mode, failed calls are logged to stdout.
@ -1395,7 +1404,7 @@ module DRb
    #
    # These methods are not callable via dRuby.
    INSECURE_METHOD = [
-      :__send__, :instance_eval, :module_eval, :class_eval
+      :__send__
    ]

    # Has a method been included in the list of insecure methods?
@ -1440,6 +1449,7 @@ module DRb
    class InvokeMethod  # :nodoc:
      def initialize(drb_server, client)
 	@drb_server = drb_server
+        @safe_level = drb_server.safe_level
 	@client = client
      end

@ -1447,10 +1457,28 @@ module DRb
 	@result = nil
 	@succ = false
 	setup_message
-        if @block
-          @result = perform_with_block
+
+        if $SAFE < @safe_level
+          info = Thread.current['DRb']
+          if @block
+            @result = Thread.new { 
+              Thread.current['DRb'] = info
+              $SAFE = @safe_level
+              perform_with_block
+            }.value
+          else
+            @result = Thread.new { 
+              Thread.current['DRb'] = info
+              $SAFE = @safe_level
+              perform_without_block
+            }.value
+          end
        else
-          @result = perform_without_block
+          if @block
+            @result = perform_with_block
+          else
+            @result = perform_without_block
+          end
        end
 	@succ = true
 	if @msg_id == :to_ary
--- a/test/drb/test_drb.rb
+++ b/test/drb/test_drb.rb
@ -209,7 +209,7 @@ class TestDRbEval < Test::Unit::TestCase
    @ext.stop_service if @ext
  end
  
-  def test_01_safe1_eval
+  def test_01_safe1_safe4_eval
    assert_raises(SecurityError) do
      @there.method_missing(:instance_eval, 'ENV.inspect')
    end
@ -227,6 +227,19 @@ class TestDRbEval < Test::Unit::TestCase
    assert_raises(SecurityError) do
      remote_class.module_eval('ENV.inspect')
    end
+
+    four = @there.four
+    assert_equal(1, four.method_missing(:send, :eval, '1'))
+    
+    remote_class = four.remote_class
+
+    assert_raises(SecurityError) do
+      remote_class.class_eval('ENV.inspect')
+    end
+
+    assert_raises(SecurityError) do
+      remote_class.module_eval('ENV.inspect')
+    end
  end
 end

--- a/test/drb/ut_eval.rb
+++ b/test/drb/ut_eval.rb
@ -2,6 +2,14 @@ require 'drb/drb'
 require 'drb/extserv'

 class EvalAttack
+  def initialize
+    @four = DRb::DRbServer.new('druby://localhost:0', self, {:safe_level => 4})
+  end
+
+  def four
+    DRbObject.new_with_uri(@four.uri)
+  end
+
  def remote_class
    DRbObject.new(self.class)
  end
@ -17,7 +25,7 @@ if __FILE__ == $0

  $SAFE = 1

-  DRb.start_service('druby://localhost:0', EvalAttack.new)
+  DRb.start_service('druby://localhost:0', EvalAttack.new, {:safe_level => 2})
  es = DRb::ExtServ.new(ARGV.shift, ARGV.shift)
  DRb.thread.join
 end
--- a/test/drb/ut_safe1.rb
+++ b/test/drb/ut_safe1.rb
@ -9,8 +9,8 @@ if __FILE__ == $0
  end

  $SAFE = 1
-
-  DRb.start_service('druby://localhost:0', [1, 2, 'III', 4, "five", 6])
+  DRb.start_service('druby://localhost:0', [1, 2, 'III', 4, "five", 6], 
+                    {:safe_level => 1})
  es = DRb::ExtServ.new(ARGV.shift, ARGV.shift)
  DRb.thread.join
 end