kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

Remove mention of $SAFE and taint from doc [ci skip]

Browse source
This commit is contained in:
Jeremy Evans 2019-10-04 08:44:33 -07:00
parent c257303ae7
commit 3a0de05bee
Notes: git 2019-11-18 08:01:11 +09:00
3 changed files with 0 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

13
doc/security.rdoc
View file

@ -15,19 +15,6 @@ mailto:security@ruby-lang.org ({the PGP public
key}[https://www.ruby-lang.org/security.asc]), which is a private mailing list.
Reported problems will be published after fixes.
== <code>$SAFE</code>
Ruby provides a mechanism to restrict what operations can be performed by Ruby
code in the form of the <code>$SAFE</code> variable.
However, <code>$SAFE</code> does not provide a secure environment for executing
untrusted code.
If you need to execute untrusted code, you should use an operating system level
sandboxing mechanism. On Linux, ptrace or LXC can be used to sandbox
potentially malicious code. Other similar mechanisms exist on every major
operating system.
== +Marshal.load+
Ruby's +Marshal+ module provides methods for serializing and deserializing Ruby