On Wed, Feb 6, 2013 at 5:24 PM, Rodrigo Rosenfeld Rosas <rr.rosas / gmail.com> wrote: > Em 06-02-2013 14:00, Nikolai Weibull escreveu: > Nikolai, it is possible to fix the applications/frameworks against this kind > of attack, but people will keep finding new ways of doing that and the fact > that symbols do not get their memory reclaimed back makes some decisions a > bit complicate to decide against. ¡ÈFixing¡É Symbols seems more complicated. > For instance, YAML#safe_load should allow restoring symbols? If symbols are > collected by the GC, then it is safe for safe_load to convert symbols from > YAML input. Otherwise, it is not safe and you wouldn't be able to load > symbols from YAML input using safe_load. Do you see? I see you answering your own question.