From 3a0de05beeb997ec77d35755d9d303e1ca858cb7 Mon Sep 17 00:00:00 2001
From: Jeremy Evans
Date: Fri, 4 Oct 2019 08:44:33 -0700
Subject: [PATCH] Remove mention of $SAFE and taint from doc [ci skip]

---
 doc/extension.ja.rdoc | 12 ------------
 doc/extension.rdoc | 14 --------------
 doc/security.rdoc | 13 -------------
 3 files changed, 39 deletions(-)

diff --git a/doc/extension.ja.rdoc b/doc/extension.ja.rdoc
index d83be10729..47303ec408 100644
--- a/doc/extension.ja.rdoc
+++ b/doc/extension.ja.rdoc
@@ -215,17 +215,6 @@ rb_str_new_literal(const char *ptr) ::

 Cのリテラル文字列からRubyの文字列を生成する.

-rb_tainted_str_new(const char *ptr, long len) ::
-
- 汚染マークが付加された新しいRubyの文字列を生成する.外部
- からのデータに基づく文字列には汚染マークが付加されるべき
- である.
-
-rb_tainted_str_new2(const char *ptr) ::
-rb_tainted_str_new_cstr(const char *ptr) ::
-
- Cの文字列から汚染マークが付加されたRubyの文字列を生成する.
-
 rb_str_append(VALUE str1, VALUE str2) ::

 Rubyの文字列str1にRubyの文字列str2を追加する.
@@ -1251,7 +1240,6 @@ Data_Get_Struct(data, type, sval) ::
 RB_INTEGER_TYPE_P(value)
 RB_FLOAT_TYPE_P(value)
 void Check_Type(VALUE value, int type)
- SafeStringValue(value)

 === 型変換

diff --git a/doc/extension.rdoc b/doc/extension.rdoc
index ea0a3d15f7..79d25e4249 100644
--- a/doc/extension.rdoc
+++ b/doc/extension.rdoc
@@ -190,16 +190,6 @@ rb_str_new_literal(const char *ptr) ::

 Creates a new Ruby string from a C string literal.

-rb_tainted_str_new(const char *ptr, long len) ::
-
- Creates a new tainted Ruby string. Strings from external data
- sources should be tainted.
-
-rb_tainted_str_new2(const char *ptr) ::
-rb_tainted_str_new_cstr(const char *ptr) ::
-
- Creates a new tainted Ruby string from a C string.
-
 rb_sprintf(const char *format, ...) ::
 rb_vsprintf(const char *format, va_list ap) ::

@@ -1210,10 +1200,6 @@ void Check_Type(VALUE value, int type) ::

 Ensures +value+ is of the given internal +type+ or raises a TypeError

-SafeStringValue(value) ::
-
- Checks that +value+ is a String and is not tainted
-
 === Data Type Conversion

 FIX2INT(value), INT2FIX(i) ::
diff --git a/doc/security.rdoc b/doc/security.rdoc
index d7d6464ce1..ae20ed30fa 100644
--- a/doc/security.rdoc
+++ b/doc/security.rdoc
@@ -15,19 +15,6 @@ mailto:security@ruby-lang.org ({the PGP public key}[https://www.ruby-lang.org/security.asc]), which is a private mailing list. Reported problems will be published after fixes.
-== $SAFE
-
-Ruby provides a mechanism to restrict what operations can be performed by Ruby
-code in the form of the $SAFE variable.
-
-However, $SAFE does not provide a secure environment for executing
-untrusted code.
-
-If you need to execute untrusted code, you should use an operating system level
-sandboxing mechanism. On Linux, ptrace or LXC can be used to sandbox
-potentially malicious code. Other similar mechanisms exist on every major
-operating system.
-
 == +Marshal.load+

 Ruby's +Marshal+ module provides methods for serializing and deserializing Ruby