Issue #7839 has been updated by shugo (Shugo Maeda).


Student (Nathan Zook) wrote:
> +1 to prohibiting interning of tainted strings.  Probably $SAFE >= 1, though.  Currently, this is a problem for $SAFE <= 2.

$SAFE is not implemented in other implementations, so this issue should be addressed without $SAFE.

----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36301

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee: 
Category: core
Target version: next minor


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.  From our perspective, there should be a point in the application where symbols should stabilize, meaning we don't expect the number of symbols to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which would essentially freeze the symbol hash, such that if any new symbols are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out there.


-- 
http://bugs.ruby-lang.org/
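
The symbol-table growth described in the issue, and an allow-list lookup that avoids it, as an added example that is not part of the original thread or of Ruby itself. `ALLOWED_KEYS`, `SAMPLE_PARAMS`, `unsafe_keys`, `safe_keys` and `symbols_added` are hypothetical names, and the request parameters are constructed.

```ruby
require "set"

# Keys the application really uses, interned once at boot (constructed sample).
ALLOWED_KEYS = %w[id name email].map { |k| [k, k.to_sym] }.to_h.freeze

# Constructed request parameters: one expected key, two attacker-chosen keys.
SAMPLE_PARAMS = { "id" => "1", "demo_junk_key_1" => "x", "demo_junk_key_2" => "y" }.freeze

# Unsafe pattern: every distinct request key becomes a new entry in the
# symbol table, so untrusted input controls how large the table grows.
def unsafe_keys(params)
  params.keys.map(&:to_sym)
end

# Safe pattern: look each string up in the allow-list. Unknown keys are
# dropped and never interned.
def safe_keys(params)
  params.keys.map { |k| ALLOWED_KEYS[k] }.compact
end

# Run the block and return the names of symbols that exist afterwards but
# did not exist before. The block's result is held in a local so symbols it
# created stay referenced while the table is read.
def symbols_added
  before = Symbol.all_symbols.to_set
  _kept = yield
  Symbol.all_symbols.reject { |sym| before.include?(sym) }.map(&:to_s)
end

if __FILE__ == $PROGRAM_NAME
  safe   = symbols_added { safe_keys(SAMPLE_PARAMS) }.grep(/demo_junk/)
  unsafe = symbols_added { unsafe_keys(SAMPLE_PARAMS) }.grep(/demo_junk/)
  puts "safe path interned:   #{safe.inspect}"
  puts "unsafe path interned: #{unsafe.inspect}"
end
```

Since Ruby 2.2, dynamically created symbols that are no longer referenced can be garbage-collected, which is why `symbols_added` keeps the block's result alive while it measures.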