[macruby-changes] [5016] MacRuby/trunk/io.c
source_changes at macosforge.org
source_changes at macosforge.org
Sat Dec 11 23:47:09 PST 2010
Revision: 5016
http://trac.macosforge.org/projects/ruby/changeset/5016
Author: watson1978 at gmail.com
Date: 2010-12-11 23:47:06 -0800 (Sat, 11 Dec 2010)
Log Message:
-----------
IO#close, #close_read and #close_write will throw SecurityError when $SAFE is 4.
Test Script:
{{{
require 'test/unit/assertions.rb'
include Test::Unit::Assertions
def safe_4
t = Thread.new do
$SAFE = 4
yield
end.join
end
r, w = IO.pipe
assert_raise(SecurityError) do
safe_4 { r.close_read }
end
assert_raise(SecurityError) do
safe_4 { r.close_write }
end
assert_raise(SecurityError) do
safe_4 { r.close }
end
puts :ok
}}}
Modified Paths:
--------------
MacRuby/trunk/io.c
Modified: MacRuby/trunk/io.c
===================================================================
--- MacRuby/trunk/io.c 2010-12-11 13:43:51 UTC (rev 5015)
+++ MacRuby/trunk/io.c 2010-12-12 07:47:06 UTC (rev 5016)
@@ -2062,6 +2062,9 @@
rb_io_close_m(VALUE io, SEL sel)
{
rb_io_t *io_s = ExtractIOStruct(io);
+ if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(io)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't close");
+ }
rb_io_check_closed(io_s);
io_close(io_s, true, true);
return Qnil;
@@ -2116,6 +2119,9 @@
rb_io_close_read(VALUE io, SEL sel)
{
rb_io_t *io_s = ExtractIOStruct(io);
+ if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(io)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't close");
+ }
rb_io_check_initialized(io_s);
if (io_s->read_fd == -1) {
rb_raise(rb_eIOError, "closed read stream");
@@ -2147,6 +2153,9 @@
rb_io_close_write(VALUE io, SEL sel)
{
rb_io_t *io_s = ExtractIOStruct(io);
+ if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(io)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't close");
+ }
rb_io_check_initialized(io_s);
if (io_s->write_fd == -1) {
rb_raise(rb_eIOError, "closed write stream");
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macruby-changes/attachments/20101211/cc2a9e0b/attachment.html>
More information about the macruby-changes
mailing list