Eric Hodel wrote:
> On Jan 8, 2007, at 22:29, Tom wrote:
> 
>> Well I'm mailing about a problem I'm having while using the rails
>> framework, since it does seem to be a ruby problem I thought I might
>> as well post here 
>> 
>> I have a security level problem, for unknown reasons it switches
>> from level 0 to level 4 and then provoke some error related to the
>> security level...
> 
> $SAFE is switched when you assign to it, never at any other time.

Is it so? Consider the following code:

puts RUBY_VERSION, RUBY_PLATFORM

class Test
  def show_safe
    puts $SAFE
  end
end

Test.new.show_safe
Test.new.method(:show_safe).taint.call

It produces:

:!ruby safe.rb
1.8.4
i686-linux
0
safe.rb:5:in `write': Insecure operation `write' at level 4
(SecurityError)
        from safe.rb:5:in `show_safe'
        from safe.rb:12


> 
>> I have a plugin we developed I that uses a lot of method.call and
>> apparently according to a post at technoweeny rails forum, this
>> could be the problem ( http://www.railsweenie.com/forums/1/topics/
>> 659 ) ... 
>> 
>> Is there any way to resolve this problem without having to stop
>> using method.call (we don't really want a major rewrite) ? What
>> exactly is the problem and why does it happen?
> 
> You have code like $SAFE = 4 in your program somwhere.  Use grep to
> find it.

Not necessarily. See above.
 
> 
> Typically $SAFE = 4 is only set in a spawned thread since its so
> strict its rarely useful outside of sandboxing dangerous code.

Gennady.