Issue #8468 has been updated by Student (Nathan Zook).


One wonders where everyone has been for the last five months.  The entire Rails security fiasco would have been avoided if DHH had seen fit to write Rails with $SAFE = 1.  This is one thing that the Perl community got right almost immediately which so far seems to have completely evaded the Ruby community.  External data is NOT to be trusted, and $SAFE = 0 is only appropriate for script which are ENTIRELY isolated from the outside.

Yes, there is the hole with symbols, but since symbol creation with outside data is a memory leak anyway, the correct thing to do would be to forbid interning of tainted strings if $SAFE >= 1.

Now, if you have a superior solution to $SAFE, I am all ears--especially since the community hasn't seen fit to understand and use it.

----------------------------------------
Feature #8468: Remove $SAFE
https://bugs.ruby-lang.org/issues/8468#change-39585

Author: shugo (Shugo Maeda)
Status: Feedback
Priority: Normal
Assignee: shugo (Shugo Maeda)
Category: core
Target version: current: 2.1.0


Yesterday, at GitHub Tokyo drinkup (thanks, GitHub!), Matz agreed to remove the $SAFE == 4 feature from Ruby 2.1.
Shibata-san, a developer of tDiary, which is the only application using $SAFE == 4, also agreed to remove it, so today is a good day to say goodbye to $SAFE (at least level 4).

Furthermore, I'm wondering whether $SAFE should be removed entirely, or not.
Is there anyone using $SAFE?


-- 
http://bugs.ruby-lang.org/