* error.c, file.c, gc.c, hash.c, thread.c, variable.c, vm_eval.c, bin/erb:

k-tsj · k-tsj · commit 04f0de74dd22 · 2013-08-18T10:36:51.000Z
$SAFE=4 is obsolete.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42608 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+Sun Aug 18 19:32:26 2013  Kazuki Tsujimoto  <kazuki@callcc.net>
+
+	* error.c, file.c, gc.c, hash.c, thread.c, variable.c, vm_eval.c, bin/erb:
+	  $SAFE=4 is obsolete.
+
 Sun Aug 18 14:30:47 2013  Tanaka Akira  <akr@fsij.org>
 
 	* process.c (rb_clock_gettime): Rename POSIX_TIME_CLOCK_REALTIME to
diff --git a/bin/erb b/bin/erb
@@ -72,7 +72,7 @@ class ERB
             require ARGV.req_arg
           when '-S'                        # security level
             arg = ARGV.req_arg
-            raise "invalid safe_level #{arg.dump}" unless arg =~ /^[0-4]$/
+            raise "invalid safe_level #{arg.dump}" unless arg =~ /^[0-3]$/
             safe_level = arg.to_i
           when '-T'                        # trim mode
             arg = ARGV.req_arg
@@ -105,7 +105,7 @@ class ERB
   -v               enable verbose mode
   -d               set $DEBUG to true
   -r library       load a library
-  -S safe_level    set $SAFE (0..4)
+  -S safe_level    set $SAFE (0..3)
   -E ex[:in]       set default external/internal encodings
   -U               set default encoding to UTF-8.
   -T trim_mode     specify trim_mode (0..2, -)
diff --git a/error.c b/error.c
@@ -2030,10 +2030,6 @@ rb_check_frozen(VALUE obj)
 void
 rb_error_untrusted(VALUE obj)
 {
-    if (rb_safe_level() >= 4) {
-	rb_raise(rb_eSecurityError, "Insecure: can't modify %s",
-		 rb_obj_classname(obj));
-    }
 }
 
 #undef rb_check_trusted
diff --git a/file.c b/file.c
@@ -5428,10 +5428,6 @@ rb_find_file_ext_safe(VALUE *filep, const char *const *ext, int safe_level)
 	return 0;
     }
 
-    if (safe_level >= 4) {
-	rb_raise(rb_eSecurityError, "loading from non-absolute path %s", f);
-    }
-
     RB_GC_GUARD(load_path) = rb_get_expanded_load_path();
     if (!load_path) return 0;
 
@@ -5493,10 +5489,6 @@ rb_find_file_safe(VALUE path, int safe_level)
 	return path;
     }
 
-    if (safe_level >= 4) {
-	rb_raise(rb_eSecurityError, "loading from non-absolute path %s", f);
-    }
-
     RB_GC_GUARD(load_path) = rb_get_expanded_load_path();
     if (load_path) {
 	long i;
diff --git a/gc.c b/gc.c
@@ -4578,7 +4578,7 @@ rb_memerror(void)
 {
     rb_thread_t *th = GET_THREAD();
     if (!nomem_error ||
-	(rb_thread_raised_p(th, RAISED_NOMEMORY) && rb_safe_level() < 4)) {
+	rb_thread_raised_p(th, RAISED_NOMEMORY)) {
 	fprintf(stderr, "[FATAL] failed to allocate memory\n");
 	exit(EXIT_FAILURE);
     }
diff --git a/hash.c b/hash.c
@@ -2714,10 +2714,6 @@ env_aset(VALUE obj, VALUE nm, VALUE val)
 {
     char *name, *value;
 
-    if (rb_safe_level() >= 4) {
-	rb_raise(rb_eSecurityError, "can't change environment variable");
-    }
-
     if (NIL_P(val)) {
 	env_delete(obj, nm);
 	return Qnil;
diff --git a/thread.c b/thread.c
@@ -541,10 +541,6 @@ thread_start_func_2(rb_thread_t *th, VALUE *stack_start, VALUE *register_stack_s
 	    if (state == TAG_FATAL) {
 		/* fatal error within this thread, need to stop whole script */
 	    }
-	    else if (th->safe_level >= 4) {
-		/* Ignore it. Main thread shouldn't be harmed from untrusted thread. */
-		errinfo = Qnil;
-	    }
 	    else if (rb_obj_is_kind_of(errinfo, rb_eSystemExit)) {
 		/* exit on main_thread. */
 	    }
@@ -2176,8 +2172,6 @@ rb_thread_kill(VALUE thread)
 
     GetThreadPtr(thread, th);
 
-    if (th != GET_THREAD() && th->safe_level < 4) {
-    }
     if (th->to_kill || th->status == THREAD_KILLED) {
 	return thread;
     }
@@ -2741,9 +2735,6 @@ rb_thread_local_aref(VALUE thread, ID id)
     st_data_t val;
 
     GetThreadPtr(thread, th);
-    if (rb_safe_level() >= 4 && th != GET_THREAD()) {
-	rb_raise(rb_eSecurityError, "Insecure: thread locals");
-    }
     if (!th->local_storage) {
 	return Qnil;
     }
@@ -2827,9 +2818,6 @@ rb_thread_local_aset(VALUE thread, ID id, VALUE val)
     rb_thread_t *th;
     GetThreadPtr(thread, th);
 
-    if (rb_safe_level() >= 4 && th != GET_THREAD()) {
-	rb_raise(rb_eSecurityError, "Insecure: can't modify thread locals");
-    }
     if (OBJ_FROZEN(thread)) {
 	rb_error_frozen("thread locals");
     }
@@ -2898,15 +2886,8 @@ static VALUE
 rb_thread_variable_get(VALUE thread, VALUE key)
 {
     VALUE locals;
-    rb_thread_t *th;
     ID id = rb_check_id(&key);
 
-    GetThreadPtr(thread, th);
-
-    if (rb_safe_level() >= 4 && th != GET_THREAD()) {
-	rb_raise(rb_eSecurityError, "Insecure: can't access thread locals");
-    }
-
     if (!id) return Qnil;
     locals = rb_ivar_get(thread, id_locals);
     return rb_hash_aref(locals, ID2SYM(id));
@@ -2925,13 +2906,7 @@ static VALUE
 rb_thread_variable_set(VALUE thread, VALUE id, VALUE val)
 {
     VALUE locals;
-    rb_thread_t *th;
 
-    GetThreadPtr(thread, th);
-
-    if (rb_safe_level() >= 4 && th != GET_THREAD()) {
-	rb_raise(rb_eSecurityError, "Insecure: can't modify thread locals");
-    }
     if (OBJ_FROZEN(thread)) {
 	rb_error_frozen("thread locals");
     }
diff --git a/variable.c b/variable.c
@@ -782,8 +782,6 @@ rb_gvar_set(struct global_entry *entry, VALUE val)
     struct trace_data trace;
     struct global_variable *var = entry->var;
 
-    if (rb_safe_level() >= 4)
-	rb_raise(rb_eSecurityError, "Insecure: can't change global variable value");
     (*var->setter)(val, entry->id, var->data, var);
 
     if (var->trace && !var->block_trace) {
@@ -860,9 +858,6 @@ rb_alias_variable(ID name1, ID name2)
     struct global_entry *entry1, *entry2;
     st_data_t data1;
 
-    if (rb_safe_level() >= 4)
-	rb_raise(rb_eSecurityError, "Insecure: can't alias global variable");
-
     entry2 = rb_global_entry(name2);
     if (!st_lookup(rb_global_tbl, (st_data_t)name1, &data1)) {
 	entry1 = ALLOC(struct global_entry);
diff --git a/vm_eval.c b/vm_eval.c
@@ -1337,16 +1337,7 @@ rb_f_eval(int argc, VALUE *argv, VALUE self)
     int line = 1;
 
     rb_scan_args(argc, argv, "13", &src, &scope, &vfile, &vline);
-    if (rb_safe_level() >= 4) {
-	StringValue(src);
-	if (!NIL_P(scope) && !OBJ_TAINTED(scope)) {
-	    rb_raise(rb_eSecurityError,
-		     "Insecure: can't modify trusted binding");
-	}
-    }
-    else {
-	SafeStringValue(src);
-    }
+    SafeStringValue(src);
     if (argc >= 3) {
 	StringValue(vfile);
     }
@@ -1551,12 +1542,7 @@ eval_under(VALUE under, VALUE self, VALUE src, VALUE file, int line)
     if (SPECIAL_CONST_P(self) && !NIL_P(under)) {
 	cref->flags |= NODE_FL_CREF_PUSHED_BY_EVAL;
     }
-    if (rb_safe_level() >= 4) {
-	StringValue(src);
-    }
-    else {
-	SafeStringValue(src);
-    }
+    SafeStringValue(src);
 
     return eval_string_with_cref(self, src, Qnil, cref, file, line);
 }
@@ -1573,12 +1559,7 @@ specific_eval(int argc, VALUE *argv, VALUE klass, VALUE self)
 	int line = 1;
 
 	rb_check_arity(argc, 1, 3);
-	if (rb_safe_level() >= 4) {
-	    StringValue(argv[0]);
-	}
-	else {
-	    SafeStringValue(argv[0]);
-	}
+	SafeStringValue(argv[0]);
 	if (argc > 2)
 	    line = NUM2INT(argv[2]);
 	if (argc > 1) {

Original file line number	Diff line number	Diff line change
`@@ -2030,10 +2030,6 @@ rb_check_frozen(VALUE obj)`
`2030`	`2030`	`void`
`2031`	`2031`	`rb_error_untrusted(VALUE obj)`
`2032`	`2032`	`{`
`2033`		`- if (rb_safe_level() >= 4) {`
`2034`		`- rb_raise(rb_eSecurityError, "Insecure: can't modify %s",`
`2035`		`- rb_obj_classname(obj));`
`2036`		`- }`
`2037`	`2033`	`}`
`2038`	`2034`
`2039`	`2035`	`#undef rb_check_trusted`
Original file line number	Diff line number	Diff line change
`@@ -4578,7 +4578,7 @@ rb_memerror(void)`
`4578`	`4578`	`{`
`4579`	`4579`	`rb_thread_t *th = GET_THREAD();`
`4580`	`4580`	`if (!nomem_error \|\|`
`4581`		`- (rb_thread_raised_p(th, RAISED_NOMEMORY) && rb_safe_level() < 4)) {`
	`4581`	`+ rb_thread_raised_p(th, RAISED_NOMEMORY)) {`
`4582`	`4582`	`fprintf(stderr, "[FATAL] failed to allocate memory\n");`
`4583`	`4583`	`exit(EXIT_FAILURE);`
`4584`	`4584`	`}`