[MacRuby] #842: Can't catch the exception of SecurityError Level 4.
MacRuby
ruby-noreply at macosforge.org
Tue Aug 10 00:56:31 PDT 2010
#842: Can't catch the exception of SecurityError Level 4.
----------------------------------+-----------------------------------------
Reporter: watson1978@… | Owner: lsansonetti@…
Type: defect | Status: new
Priority: blocker | Milestone:
Component: MacRuby | Keywords:
----------------------------------+-----------------------------------------
Test Script:
{{{
#!ruby
$ cat test_safe.rb
class C
def m
$SAFE
end
end
def run(&block)
begin
block.call
rescue SecurityError => e
p "ok : #{e}"
else
p "ng"
end
end
puts "** level 1"
b = lambda {
$SAFE = 1
eval "1 + 1".taint
}
run{ b.call }
puts "** level 2"
b = lambda {
$SAFE = 2
Dir.chdir("..")
}
run{ b.call }
puts "** level 3"
b = lambda {
$SAFE = 3
"1 + 1".untaint
}
run{ b.call }
puts "** level 4"
d = lambda {
$SAFE = 4
dclass = Class.new(C)
dclass.send(:alias_method, :mm, :m)
dclass.new
}.call
run{ d.mm }
b = lambda {
d = Dir.open('.')
$SAFE = 4
d.close
}
run{ b.call }
}}}
Result of Ruby 1.9.1:
{{{
$ ruby test_safe.rb
** level 1
"ok : Insecure operation - eval"
** level 2
"ok : Insecure operation `chdir' at level 2"
** level 3
"ok : Insecure operation `untaint' at level 3"
** level 4
"ok : calling insecure method: mm"
"ok : Insecure: operation on trusted Dir"
}}}
Result of MacRuby Trunk:
{{{
$ macruby test_safe.rb
** level 1
"ok : Insecure operation: -r"
** level 2
"ok : Insecure operation at level 2"
** level 3
"ok : Insecure operation at level 3"
** level 4
/Users/watson/test/ruby/macruby/test_safe.rb:9:in `run': Insecure
operation at level 4 (SecurityError)
from /Users/watson/test/ruby/macruby/test_safe.rb:1:in `<main>'
}}}
--
Ticket URL: <http://www.macruby.org/trac/ticket/842>
MacRuby <http://macruby.org/>
More information about the macruby-tickets
mailing list