[Rubygems-developers] $SAFE = 1 patch
Jim Weirich
jim.weirich at gmail.com
Tue Dec 6 09:24:06 EST 2005
On 12/5/05, Eric Hodel <drbrain at segment7.net> wrote:
>
> This patch lets Rubygems run with $SAFE = 1.

Excellent! And the change comes with a patch for the tests too! Extra
points for that.

But ... I added the $SAFE=1 to the test (per the patch file) and ran the
tests (without the rest of your patch installed) ... and all the tests still
pass. I expected to see failures because of $SAFE=1 mode. Is the test not
testing what we think?

On a slightly different note, shouldn't we do more than just untaint the
string? I would have thought that at least some minimal validity checking
would be appropriate ... after all, that's the reason the strings are
tainted in the first place.

-- Jim Weirich jim at weirichhouse.org http://onestepback.org
-----------------------------------------------------------------
"Beware of bugs in the above code; I have only proved it correct,
not tried it." -- Donald Knuth (in a memo to Peter van Emde Boas)