Sophrinix / TryRuby

Try Ruby is an interactive shell that quickly and whimsically teaches the Ruby programming language. Originally _why's idea, it has been recreated from the ground up by Rubyists who have a passion for Ruby and for teaching their fellow (wo)man how to program.
tryruby.org

new constants have security problems #35

Open ghost opened 14 years ago

ghost commented 14 years ago

This is why inspect sometimes doesn't work. There are probably a lot of other problems it creates too. Here is a tryruby session:

6.tainted?
=> false
/slash/.tainted?
=> false
TryRubyBaseSession.tainted?
=> false
class MyClass; end
=> nil
MyClass.tainted?
=> true
MyClass.new.tainted?
=> true

Sophrinix commented 14 years ago

This is because we are using $SAFE = 3.

The only way around this would be to have a true sandbox. I will check on this issue after I am finished with my irb integration.