[macruby-changes] [5016] MacRuby/trunk/io.c

source_changes at macosforge.org source_changes at macosforge.org
Sat Dec 11 23:47:09 PST 2010 

Revision: 5016
          http://trac.macosforge.org/projects/ruby/changeset/5016
Author:   watson1978 at gmail.com
Date:     2010-12-11 23:47:06 -0800 (Sat, 11 Dec 2010)
Log Message:
-----------
IO#close, #close_read and #close_write will throw SecurityError when $SAFE is 4.

Test Script:
{{{
require 'test/unit/assertions.rb'
include Test::Unit::Assertions

def safe_4
  t = Thread.new do
    $SAFE = 4
    yield
  end.join
end

r, w = IO.pipe
assert_raise(SecurityError) do
  safe_4 { r.close_read }
end

assert_raise(SecurityError) do
  safe_4 { r.close_write }
end

assert_raise(SecurityError) do
  safe_4 { r.close }
end

puts :ok
}}}

Modified Paths:
--------------
    MacRuby/trunk/io.c

Modified: MacRuby/trunk/io.c
===================================================================
--- MacRuby/trunk/io.c	2010-12-11 13:43:51 UTC (rev 5015)
+++ MacRuby/trunk/io.c	2010-12-12 07:47:06 UTC (rev 5016)
@@ -2062,6 +2062,9 @@
 rb_io_close_m(VALUE io, SEL sel)
 {
     rb_io_t *io_s = ExtractIOStruct(io);
+    if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(io)) {
+	rb_raise(rb_eSecurityError, "Insecure: can't close");
+    }
     rb_io_check_closed(io_s);
     io_close(io_s, true, true);
     return Qnil;
@@ -2116,6 +2119,9 @@
 rb_io_close_read(VALUE io, SEL sel)
 {
     rb_io_t *io_s = ExtractIOStruct(io);
+    if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(io)) {
+	rb_raise(rb_eSecurityError, "Insecure: can't close");
+    }
     rb_io_check_initialized(io_s);
     if (io_s->read_fd == -1) {
         rb_raise(rb_eIOError, "closed read stream");
@@ -2147,6 +2153,9 @@
 rb_io_close_write(VALUE io, SEL sel)
 {
     rb_io_t *io_s = ExtractIOStruct(io);
+    if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(io)) {
+	rb_raise(rb_eSecurityError, "Insecure: can't close");
+    }
     rb_io_check_initialized(io_s);
     if (io_s->write_fd == -1) {
         rb_raise(rb_eIOError, "closed write stream");
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macruby-changes/attachments/20101211/cc2a9e0b/attachment.html>

More information about the macruby-changes mailing list