Hi,

2008/8/20 Dave Thomas <dave / pragprog.com>:
> Thanks for the explanation. What does it mean when you say "objects created
> by untrusted code are tainted and untrusted?" I tried:

It means objects created at safe level 4. For example:

irb(main):001:0> x = lambda { $SAFE=4; Object.new}.call
=> #<Object:0x83d1c58>
irb(main):002:0> x.tainted?
=> true
irb(main):003:0> x.untrusted?
=> true

> Is there an example of a sandbox that uses trust?

At safe level 4, only objects created at safe level 4 or marked as untrusted
manually are modifiable.

irb(main):001:0> p lambda { $SAFE=4; s = ""; s << "xxx"; s }.call
"xxx"
=> "xxx"
irb(main):002:0> $s = ""
=> ""
irb(main):003:0> p lambda { $SAFE=4; $s << "xxx"; $s }.call
SecurityError: Insecure: can't modify string
        from (irb):3:in `block (8 levels) in irb_binding'
        from (irb):3:in `call'
        from (irb):3
        from /home/shugo/local/bin/irb-trunk:12:in `<main>'
irb(main):004:0> $s.taint
=> ""
irb(main):005:0> p lambda { $SAFE=4; $s << "xxx"; $s }.call
SecurityError: Insecure: can't modify string
        from (irb):5:in `block (11 levels) in irb_binding'
        from (irb):5:in `call'
        from (irb):5
        from /home/shugo/local/bin/irb-trunk:12:in `<main>'
irb(main):006:0> $s.untrust
=> ""
irb(main):007:0> p lambda { $SAFE=4; $s << "xxx"; $s }.call
"xxx"
=> "xxx"

-- 
Shugo Maeda