Issue #7839 has been updated by rosenfeld (Rodrigo Rosenfeld Rosas).


I really believe that letting the symbols be garbage collected (#7791) is the way to go here.

You have mentioned that changing YAML#load to be safe by default would break existing apps, and now you suggest that it would be safe to freeze symbols at some point, as if it wouldn't break existing apps relying on the marshalling behavior of Ruby libraries. Could you please explain better why you think it is ok to freeze symbols in Rails and break existing apps but it is not ok to make YAML#load safe (preferring a new safe_load method instead)?
----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36184

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee: 
Category: 
Target version: 


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.  From our perspective, there should be a point in the application where symbols should stabilize, meaning we don't expect the number of symbols to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which would essentially freeze the symbol hash, such that if any new symbols are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out there.


-- 
http://bugs.ruby-lang.org/
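
An application-side way to keep the symbol table stable, as an added example that is not part of the issue or of any Rails or Ruby patch: symbolize only allowlisted keys and measure symbol-table growth around the conversion. `ALLOWED_KEYS`, `symbolize_known`, `symbol_growth` and `constructed_params` are hypothetical names, and the input is constructed.

```ruby
# Added example (not from the issue): keep request-controlled keys out of String#to_sym.
# ALLOWED_KEYS, symbolize_known and symbol_growth are hypothetical names.

ALLOWED_KEYS = %w[id name email].freeze
# Symbols for expected keys are created once, at boot, so the table can stabilize.
KEY_TO_SYMBOL = ALLOWED_KEYS.to_h { |k| [k, k.to_sym] }.freeze

# Symbolize only allowlisted keys; unknown keys stay Strings.
def symbolize_known(params)
  params.each_with_object({}) do |(key, value), out|
    name = key.to_s
    out[KEY_TO_SYMBOL.fetch(name, name)] = value
  end
end

# Net number of symbols created while the block runs. GC is paused so that
# Rubies which garbage-collect dynamic symbols cannot reclaim any mid-measurement.
def symbol_growth
  was_disabled = GC.disable
  before = Symbol.all_symbols.size
  yield
  Symbol.all_symbols.size - before
ensure
  GC.enable unless was_disabled
end

# Constructed input: one expected key plus 100 unique caller-chosen keys.
def constructed_params
  extra = (1..100).to_h { |i| ["constructed_unknown_key_#{i}", i] }
  { "name" => "alice" }.merge(extra)
end

if __FILE__ == $PROGRAM_NAME
  params = constructed_params
  puts "allowlist: +#{symbol_growth { symbolize_known(params) }} symbols"
  puts "to_sym on every key: +#{symbol_growth { params.each_key(&:to_sym) }} symbols"
end
```

Running `symbol_growth` around a request handler in a test suite gives a cheap regression check for code paths that intern caller-supplied strings.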