On Tue, 20 Feb 2007 15:38:52 +0100, James Smith <jmdjmsmith / msn.com> wrote:

> Thanks for your comments..
>
> I'm trying:
>
> ruby -r userlib -T3 program.rb
>
> This doesn't seem to be working with the -r option (i also want to load
> in the file userlib.rb) - are the two options compatible together?
>

Quoth the Pickaxe, ed. 1: ">= 2 -- Ruby prohibits the loading of program  
files from globally writable locations."

D:\UserPrfs\VALLNERD>type foo.rb
require "yaml"
y [1, 2, {:foo => 'bar'}]

Amusingly enough:

D:\UserPrfs\VALLNERD>attrib -R /s c:\ruby\lib\*

D:\UserPrfs\VALLNERD>ruby -T2 foo.rb
---
- 1
- 2
- :foo: bar

(So either that has been changed since the first edition, or the win32  
port plain doesn't even try to do that check.)

D:\UserPrfs\VALLNERD>ruby -T2 -ryaml foo.rb
ruby: no -r allowed in tainted mode (SecurityError)

. o 0 (WTF.) I have no idea what's going on there, besides the interpreter  
obviously evaluating even arguments it's supposed to parse  
order-dependently.

D:\UserPrfs\VALLNERD>ruby -ryaml -T2 foo.rb
---
- 1
- 2
- :foo: bar

While:

D:\UserPrfs\VALLNERD>attrib +R /s c:\ruby\lib\*

D:\UserPrfs\VALLNERD>ruby -ryaml -T3 foo.rb
ruby: Insecure operation: -r (SecurityError)

D:\UserPrfs\VALLNERD>ruby -T3 -ryaml foo.rb
ruby: no -r allowed in tainted mode (SecurityError)

D:\UserPrfs\VALLNERD>ruby -T3 foo.rb
foo.rb:1:in `require': Insecure operation - require (SecurityError)
         from foo.rb:1

still breaks, even though Pickaxe ed. 1 doesn't mention further code  
loading restrictions. (This doesn't mean much, while two major versions of  
development do.) Alas, my Pickaxe 2 is on a non-working USB stick and  
(hopefully) another computer, so some $SAFE-guru could clarify this.