Issue #7839 has been updated by Yukihiro Matsumoto.

Status changed from Open to Rejected

Although I agree that we need something to prevent Symbol DoS attack, #freeze_symbols has too destructive I think.
I think that something should be a variation of #intern that refuses addition to the symbol table.

Matz.


----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-45468

* Author: Aaron Patterson
* Status: Rejected
* Priority: Normal
* Assignee: Yukihiro Matsumoto
* Category: core
* Target version: next minor
----------------------------------------
Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.  From our perspective, there should be a point in the application where symbols should stabilize, meaning we don't expect the number of symbols to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which would essentially freeze the symbol hash, such that if any new symbols are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out there.



-- 
http://bugs.ruby-lang.org/