Issue #5455 has been updated by headius (Charles Nutter).


My plan at the moment (in rough form) is to break out the individual restrictions the SAFE levels are intended to govern and allow controlling them via Java security policies. I already implemented one as a prototype, to permit evaluation of code (Java security policies are whitelists, not blacklists...another reason they do a good job of security):

https://github.com/headius/jruby/commit/b8f17f21f083207612bc234ab022b2a07a9b5e11

It should be possible to implement all the SAFE security restrictions this way, but the result will be more flexible (since users can mix and match features), more explicit, and in JRuby's case part of standard Java security policy management.

I would suggest that Ruby 2.0 put together a list of all restricted operations and form a similar security system to the JVM. I am willing to help with that.
----------------------------------------
Feature #5455: $SAFE should be removed
https://bugs.ruby-lang.org/issues/5455#change-25916

Author: kosaki (Motohiro KOSAKI)
Status: Open
Priority: Normal
Assignee: 
Category: 
Target version: 3.0


see

[ruby-dev:44554]
[ruby-dev:44572] 



-- 
http://bugs.ruby-lang.org/