[Ironruby-core] "Taint" and (internal) copy constructors

Charles Oliver Nutter charles.nutter at sun.com
Thu Oct 25 11:53:34 EDT 2007

Curt Hagenlocher wrote:
> On 10/25/07, *Charles Oliver Nutter* <charles.nutter at sun.com 
> <mailto:charles.nutter at sun.com>> wrote:
>     JRuby mimics this behavior, but we've debated just kicking taint and
>     SAFE out the window. They're not provably safe (even in MRI), so
>     they're
>     almost certainly unsafe...and woah, the overhead.
>     Most folks using JRuby now just assume neither work.
> Both taint and frozen have a very 90s Perl feel to them :).  Being new 
> to Ruby, I have absolutely no feel for how often they're used (with CRuby).

frozen is another thing entirely, and it has good uses (locking down 
strings and arrays so they can't be modified, for example). But 
taint/SAFE are (IMHO) ugly, dated mechanisms for handling security, by 
sprinkling security checks all over high-level method calls and hoping 
you don't miss any. Not to mention extensions can ignore tainting 
completely. Yucko.

- Charlie

More information about the Ironruby-core mailing list