From: ts <decoux / moulon.inra.fr>
Subject: Re: $SAFE = 3.5?
Date: Thu, 6 May 2004 22:27:04 +0900
Message-ID: <200405061326.i46DQxS28056 / moulon.inra.fr>
> H> If wp.binding method is undefined, how do you crack it?
>  You make the common error of thinking that #to_s returns a String

Hmmm...
Well, under $SAFE==4, I must check that the return value of the
to_s method is a String and the String object has no
singleton methods. However, I cannot trust all methods
of the object because those methods may be overridden.
It means that I cannot know the class of the object which
is passed to the safe-level capsule, doesn't it?
That is, if I allow a safe-level capsule proc to access
an untrusted object, I cannot avoid giving the right of the
safe-level of the proc to the caller.
Am I right? Or is there any way to avoid security holes?
-- 
                                  Hidetoshi NAGAI (nagai / ai.kyutech.ac.jp)
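
The return-value check described in the message above, as an added Ruby example that is not part of the original message or of any poster's code: it asks the interpreter for an object's class through an unbound Kernel method instead of calling the object's own (possibly overridden) methods. The helper names and the two sample classes are constructed for illustration, the sketch does not use $SAFE, and it covers only the to_s result check, not the wider question of safe-level procs.

```ruby
# Added example: hypothetical helper names, constructed sample objects.
KERNEL_CLASS      = Kernel.instance_method(:class)
KERNEL_SINGLETONS = Kernel.instance_method(:singleton_methods)

# Ask the interpreter for the class instead of asking the object itself,
# so an overridden #class / #is_a? on the object is never consulted.
def real_class(obj)
  KERNEL_CLASS.bind(obj).call
end

# Call to_s on an untrusted object and accept the result only if it is
# exactly a String (subclasses are refused) with no singleton methods.
def checked_to_s(obj)
  result = obj.to_s
  unless real_class(result).equal?(String)
    raise TypeError, "to_s returned #{real_class(result)}, not String"
  end
  unless KERNEL_SINGLETONS.bind(result).call.empty?
    raise TypeError, "to_s returned a String with singleton methods"
  end
  result
end

# Constructed: to_s returns an object that lies about its class.
class Impostor
  def class; String; end
  def is_a?(_klass); true; end
  alias kind_of? is_a?
  def to_s; self; end
end

# Constructed: to_s returns a real String carrying a singleton method.
class Rigged
  def to_s
    s = +"harmless"
    def s.to_str; "something else"; end
    s
  end
end

# True when checked_to_s refuses the object's to_s result.
def rejected?(obj)
  checked_to_s(obj)
  false
rescue TypeError
  true
end
```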