On Apr 15, 2009, at 12:05, Philip Ross wrote:

> I'm using my own compiled version of Ruby 1.9.1p0 on Debian etch.  
> With $SAFE=1, I get the following error trying to require gems (in  
> this example Rake, but I get the same error with other gems):
>
> >> $SAFE=1
> => 1
> >> require 'rake'
> SecurityError: Insecure operation - require
>        from (irb):2:in `require'
>        from (irb):2
>        from /usr/local/ruby/1.9/bin/irb:12:in `<main>'
>
> The Rake gem is installed in the usual place:
>
> >> $:.find {|s| s =~ /rake/}
> => "/usr/local/ruby/1.9.1-p0/lib/ruby/gems/1.9.1/gems/rake-0.8.4/bin"
>
> I get the same error trying to load an arbitrary file:
>
> >> $SAFE=1
> => 1
> >> require 'testing'
> SecurityError: Insecure operation - require
>        from (irb):2:in `require'
>        from (irb):2
>        from /usr/local/ruby/1.9/bin/irb:12:in `<main>'
>
> I've just tried with the latest Ruby snapshot version and this has  
> the same issues, albeit with a (slightly) more helpful error message:
>
> >> $SAFE=1
> => 1
> >> require 'rake'
> SecurityError: cannot load from insecure path - /usr/local/ruby/snapshot/lib/ruby/gems/1.9.1/gems/rake-0.8.4/lib/rake.rb
>        from (irb):2:in `require'
>        from (irb):2
>        from /usr/local/ruby/snapshot/bin/irb:12:in `<main>'
>
> Could anyone tell me if this is the expected behaviour of Ruby 1.9?  
> I couldn't find any information about safe mode that would suggest  
> these SecurityErrors should be raised?

This is likely the issue:

$ ruby19 -rpp -e '$SAFE = 1; pp $LOAD_PATH.map { |path| [path, path.tainted?] }'

Please file a bug.