On Wed, Feb 6, 2013 at 5:24 PM, Rodrigo Rosenfeld Rosas
<rr.rosas / gmail.com> wrote:
> Em 06-02-2013 14:00, Nikolai Weibull escreveu:

> Nikolai, it is possible to fix the applications/frameworks against this kind
> of attack, but people will keep finding new ways of doing that and the fact
> that symbols do not get their memory reclaimed back makes some decisions a
> bit complicate to decide against.

°»Fixing°… Symbols seems more complicated.

> For instance, YAML#safe_load should allow restoring symbols? If symbols are
> collected by the GC, then it is safe for safe_load to convert symbols from
> YAML input. Otherwise, it is not safe and you wouldn't be able to load
> symbols from YAML input using safe_load. Do you see?

I see you answering your own question.