Issue #8468 has been updated by shugo (Shugo Maeda).

Status changed from Feedback to Assigned
Assignee changed from shugo (Shugo Maeda) to matz (Yukihiro Matsumoto)

Thanks for your feedback, guys.

It's OK for me to leave $SAFE < 3 because it's just a fail-safe feature.
However, safe level 4 is considered harmful, because it provides a pseudo sandbox, which is vulnerable by design.
People tend to expect it as a real sandbox, but it really isn't.

I propose two options for Ruby 2.1:

1. Raise an error when $SAFE is set to 4.
2. Show a warning like "Safe level 4 is deprecated.  It provides a pseudo sandbox, which can be used only for semi-trusted code." when $SAFE is set to 4, and keep the current behavior.

What do you think, Matz?

In either case, I wouldn't like to address vulnerabilities in $SAFE anymore.
Some people seem to believe I'm the maintainer of $SAFE, but I'm not.
I have addressed vulnerabilities in $SAFE just because other people haven't.
----------------------------------------
Feature #8468: Remove $SAFE
https://bugs.ruby-lang.org/issues/8468#change-39829

Author: shugo (Shugo Maeda)
Status: Assigned
Priority: Normal
Assignee: matz (Yukihiro Matsumoto)
Category: core
Target version: current: 2.1.0


Yesterday, at the GitHub Tokyo drinkup (thanks, GitHub!), Matz agreed to remove the $SAFE == 4 feature from Ruby 2.1.
Shibata-san, a developer of tDiary, which is the only application using $SAFE == 4, also agreed to remove it, so today is a good day to say goodbye to $SAFE (at least level 4).

Furthermore, I'm wondering whether $SAFE should be removed entirely, or not.
Is there anyone using $SAFE?


-- 
http://bugs.ruby-lang.org/