Yang Zhang wrote:
> To add to the confusion, the rake task runs fine from root's crontab.
> I found some information on taint and $SAFE, but it's unclear to me
> why things work via cron but not via a suid binary.

$SAFE is set to 1 if the code is run setuid.

The actual test is if the real UID is non-zero and the real UID is 
different from the effective UID or the real GID is different from the 
effective GID. Code from ruby-1.9.2preview1 (ruby.c):

static void
init_ids(struct cmdline_options *opt)
{
    rb_uid_t uid = getuid();
    rb_uid_t euid = geteuid();
    rb_gid_t gid = getgid();
    rb_gid_t egid = getegid();

    if (uid != euid) opt->setids |= 1;
    if (egid != gid) opt->setids |= 2;
    if (uid && opt->setids) {
        if (opt->safe_level < 1) opt->safe_level = 1;
    }
}
-- 
Posted via http://www.ruby-forum.com/.