Issue #8468 has been updated by headius (Charles Nutter).


So at this point, the only thing that is being removed is the sandboxing provided by $SAFE=4, correct?

I should note that my concerns about using $SAFE as a security mechanism (coupled with taint/untrust) is still just as prone to holes as ever, with or without sandboxing. Blacklisting systems...especially where you are blacklisting against data bits modifiable outside the security flow of the application, are inherently untrustworthy.
----------------------------------------
Feature #8468: Remove $SAFE
https://bugs.ruby-lang.org/issues/8468#change-39836

Author: shugo (Shugo Maeda)
Status: Assigned
Priority: Normal
Assignee: shugo (Shugo Maeda)
Category: core
Target version: current: 2.1.0


Yesterday, at GitHub Tokyo drinkup (thanks, GitHub!), Matz agreed to remove the $SAFE == 4 feature from Ruby 2.1.
Shibata-san, a developer of tDiary, which is the only application using $SAFE == 4, also agreed to remove it, so today is a good day to say goodbye to $SAFE (at least level 4).

Furthermore, I'm wondering whether $SAFE should be removed entirely, or not.
Is there anyone using $SAFE?


-- 
http://bugs.ruby-lang.org/