On Wed, Feb 13, 2013 at 01:10:24PM +0900, shugo (Shugo Maeda) wrote:
> 
> Issue #7839 has been updated by shugo (Shugo Maeda).
> 
> 
> >  > If this is a main use case of Symbol.freeze_symbols, it might be better to have String#intern's option to control whether a symbol creation is allowed and to make YAML.safe_load to use it.
> (snip)
> >  The problem with this is we can be calling foreign code.  We have to
> >  force all library authors to use it.  Library authors may not expect
> >  that calls to ".intern" will be fed user input.
> >
> >  Most security issues we have to deal with (even the YAML example) are
> >  cases where we do not expect to process foreign input.
> 
> Hmm.... I'm worried that the following code is not thread safe.
> 
>  > >     begin
>  > >       Symbol.freeze_symbols
>  > >       YAML.load(...)
>  > >     ensure
>  > >       Symbol.thaw_symbols
>  > >     end

Yes, this is probably not thread safe, but if people *know* it's not
thread safe, then they can lock:

    begin
      Symbol.lock
      Symbol.freeze_symbols
      YAML.load(...)
    ensure
      Symbol.thaw_symbols
      Symbol.unlock
    end

> >  > I guess it can be implemented easily compared to Symbol GC.
> >  
> >  Even freezing and thawing would definitely be easier than Symbol GC.
> 
> Sasada-san might implement Symbol GC for MRI.
> # So I'm worried that he might get less popular with women.
> 
> If it can be implemented in other implementations, it would be the best solution.

I think so too.  If Symbol GC turns out to be too hard though, I'd like
to explore this option! :-)

-- 
Aaron Patterson
http://tenderlovemaking.com/