Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Ruby Programming
Previous Page Home Next Page

Safe Levels

The variable $SAFE determines Ruby's level of paranoia. Table 20.1 on page 257 gives details of the checks performed at each safe level.

$SAFE Constraints
0 No checking of the use of externally supplied (tainted) data is performed. This is Ruby's default mode.
>= 1 Ruby disallows the use of tainted data by potentially dangerous operations.
>= 2 Ruby prohibits the loading of program files from globally writable locations.
>= 3 All newly created objects are considered tainted.
>= 4 Ruby effectively partitions the running program in two. Nontainted objects may not be modified. Typically, this will be used to create a sandbox: the program sets up an environment using a lower $SAFE level, then resets $SAFE to 4 to prevent subsequent changes to that environment.

The default value of $SAFE is zero under most circumstances. However, if a Ruby script is run setuid or setgid,[A Unix script may be flagged to be run under a different user or group id than the person running it. This allows the script to have privileges that the user does not have; the script can access resources that the user would otherwise be prohibited from using. These scripts are called setuid or setgid.] its safe level is automatically set to 1. The safe level may also be set using the -T command-line option, and by assigning to $SAFE within the program. It is not possible to lower the value of $SAFE by assignment.

The current value of $SAFE is inherited when new threads are created. However, within each thread, the value of $SAFE may be changed without affecting the value in other threads. This facility may be used to implement secure ``sandboxes,'' areas where external code may run safely without risking the rest of your application or system. Do this by wrapping code that you load from a file in its own, anonymous module. This will protect your program's namespace from any unintended alteration.

f.print ...   # write untrusted program into file.
Thread.start {
  $SAFE = 4
  load(fileName, true)

With a $SAFE level of 4, you can load only wrapped files. See Kernel::load on page 418 for details.
Ruby Programming
Previous Page Home Next Page

  Published under the terms of the Open Publication License Design by Interspire