Yukihiro Matsumoto wrote:

> Hi,

Moin!

> Thank you for the report. I will fix this soon, but the
> SystemStackError object will remain reused.

First of all: Thanks for fixing this so fast! :)

I think your fix might introduce a new security hole in this rare case:

An attacker in a safe environment causes the first SystemStackError of your application to happen and rescues it into a variable. He then does this:

    def error.inspect
      puts "Gotcha!"
    end

Later in your application code outside of the safe environment another SystemStackError occurs (the attacker can't cause this which means that this whole condition is quite rare) and the malicious inspect-method of the SystemStackError is called.

I think that this can be fixed by also freezing the globally stored system stack error:

--- old/ruby/eval.c Fri Oct 31 21:24:47 2003 +++ new/ruby/eval.c Fri Oct 31 21:29:15 2003 @@ -7736,6 +7736,7 @@ Init_Proc() rb_eSysStackError = rb_define_class("SystemStackError", rb_eStandardError); sysstack_error = rb_exc_new2(rb_eSysStackError, "stack level too deep"); OBJ_TAINT(sysstack_error); + OBJ_FREEZE(sysstack_error); rb_global_variable(&sysstack_error); rb_cProc = rb_define_class("Proc", rb_cObject);

Regards,
Florian Gross
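
Review bot: the added OBJ_FREEZE(sysstack_error) line in Init_Proc() carries no comment saying why this one exception object is frozen, so a later cleanup could drop it without noticing the security reason. A short comment above it would help, for example that the object is shared by every rescuer and must not accept singleton methods. The hunk also does not show the code that raises sysstack_error; it is worth confirming that no path there writes to the object once it is frozen.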
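
The scenario from the message above, as an added Ruby example that is not part of the original e-mail or of Ruby's source: one preallocated exception object is handed to every rescuer, first unfrozen and then frozen. The helper names (make_shared_error, try_singleton_patch, later_inspect) are hypothetical, and a plain StandardError stands in for the interpreter's sysstack_error.

```ruby
# Added illustration; all method names here are hypothetical.
# Models an interpreter that preallocates one exception object and gives
# the same instance to everyone who rescues it.
def make_shared_error(freeze:)
  err = StandardError.new("stack level too deep")
  freeze ? err.freeze : err
end

# Code that rescued the shared object tries to attach a singleton method.
# Returns :patched on success, or the name of the exception class raised
# when the object refuses the modification.
def try_singleton_patch(err)
  def err.inspect
    "Gotcha!"
  end
  :patched
rescue RuntimeError, TypeError => e # FrozenError is a RuntimeError on Ruby >= 2.5
  e.class.name
end

# Later, unrelated code receives the same object and inspects it.
def later_inspect(err)
  err.inspect
end

if __FILE__ == $PROGRAM_NAME
  [false, true].each do |frozen|
    shared = make_shared_error(freeze: frozen)
    outcome = try_singleton_patch(shared)
    puts "frozen=#{frozen} patch=#{outcome} later inspect=#{later_inspect(shared)}"
  end
end
```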