On Apr 15, 2009, at 12:05, Philip Ross wrote: > I'm using my own compiled version of Ruby 1.9.1p0 on Debian etch. > With $SAFE=1, I get the following error trying to require gems (in > this example Rake, but I get the same error with other gems): > > >> $SAFE=1 > => 1 > >> require 'rake' > SecurityError: Insecure operation - require > from (irb):2:in `require' > from (irb):2 > from /usr/local/ruby/1.9/bin/irb:12:in `<main>' > > The Rake gem is installed in the usual place: > > >> $:.find {|s| s =~ /rake/} > => "/usr/local/ruby/1.9.1-p0/lib/ruby/gems/1.9.1/gems/rake-0.8.4/bin" > > I get the same error trying to load an arbitrary file: > > >> $SAFE=1 > => 1 > >> require 'testing' > SecurityError: Insecure operation - require > from (irb):2:in `require' > from (irb):2 > from /usr/local/ruby/1.9/bin/irb:12:in `<main>' > > I've just tried with the latest Ruby snapshot version and this has > the same issues, albeit with a (slightly) more helpful error message: > > >> $SAFE=1 > => 1 > >> require 'rake' > SecurityError: cannot load from insecure path - /usr/local/ruby/ > snapshot/lib/ruby/gems/1.9.1/gems/rake-0.8.4/lib/rake.rb > from (irb):2:in `require' > from (irb):2 > from /usr/local/ruby/snapshot/bin/irb:12:in `<main>' > > Could anyone tell me if this is the expected behaviour of Ruby 1.9? > I couldn't find any information about safe mode that would suggest > these SecurityErrors should be raised? This is likely the issue: $ ruby19 -rpp -e '$SAFE = 1; pp $LOAD_PATH.map { |path| [path, path.tainted?] }' Please file a bug.