The $SAFE variable determines Ruby's level of paranoia.
Table 20.1 on page 257 gives details of the checks performed at
each safe level.
||No checking of the use of externally supplied (tainted) data is
performed. This is Ruby's default mode.
||Ruby disallows the use of tainted data by potentially
||Ruby prohibits the loading of program files from globally
||All newly created objects are considered tainted.
||Ruby effectively partitions the running program in two. Nontainted
objects may not be modified. Typically, this will be used to create a
sandbox: the program sets up an environment using a lower
$SAFE level, then resets
$SAFE to 4 to prevent
subsequent changes to that environment.
The default value of $SAFE is zero under most circumstances.
However, if a Ruby script is run setuid,[A Unix script may be flagged
to be run under a different user or group id than the person running
it. This allows the script to have privileges that the user does not
have; the script can access resources that the user would otherwise be
prohibited from using. These scripts are called setuid or setgid.]
its safe level is automatically set to 1. The safe level may also be set
with a command-line option, and by assigning to $SAFE within the
program. It is not possible to lower the value
The current value of $SAFE is inherited when new threads are
created. However, within each thread, the value of $SAFE may be
changed without affecting the value in other threads. This facility
may be used to implement secure "sandboxes," areas where external
code may run safely without risking the rest of your application or
system. Do this by wrapping code that you load from a
file in its own, anonymous module.
This will protect your
program's namespace from any unintended alteration.
f.print ... # write untrusted program into file.
$SAFE = 4
level of 4, you can load only
on page 418 for details.
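The namespace protection described above can be observed directly. The following is an added example, not code from the original text: it covers only the anonymous-module wrapping done by load's second argument and leaves $SAFE out. The names LIMIT, greet, UNTRUSTED_SOURCE and load_and_inspect are made up for the illustration, and the untrusted file is a constructed sample.

```ruby
require "tempfile"

# Host state that externally supplied code should not be able to replace.
LIMIT = 10
def greet
  "host"
end

# Constructed sample of an untrusted file: it reuses the host's names
# and also assigns a global variable.
UNTRUSTED_SOURCE = <<~SRC
  LIMIT = 9999
  def greet
    "plugin"
  end
  $set_by_plugin = true
SRC

# Write the source to a temporary file, load it, and report what the host
# sees afterwards. The second argument of Kernel#load selects wrapping:
# when true, the file is evaluated under an anonymous module.
def load_and_inspect(source, wrap)
  $set_by_plugin = nil
  Tempfile.create(["untrusted", ".rb"]) do |f|
    f.write(source)
    f.flush
    load(f.path, wrap)
  end
  { limit: LIMIT, greet: greet, global: $set_by_plugin }
end

if __FILE__ == $0
  # Wrapped load: the host's constant and method are untouched, but the
  # global variable assignment still reaches the host.
  p load_and_inspect(UNTRUSTED_SOURCE, true)
end
```

Calling load_and_inspect(UNTRUSTED_SOURCE, false) afterwards shows the contrast: the unwrapped load replaces both LIMIT and greet in the host. Wrapping isolates constant and method definitions only; global variables are shared either way.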