[Rubygems-developers] $SAFE = 1 patch

Jim Weirich jim.weirich at gmail.com
Tue Dec 6 09:24:06 EST 2005


On 12/5/05, Eric Hodel <drbrain at segment7.net> wrote:
>
> This patch lets Rubygems run with $SAFE = 1.


Excellent!  And the change comes with a patch for the tests too!  Extra
points for that.

But ... I added the $SAFE=1 to the test (per the patch file) and ran the
tests (without the rest of your patch installed) ... and all the tests still
pass.  I expected to see failures because of $SAFE=1 mode.  Is the test not
testing what we think?

On a slightly different note, shouldn't we do more than just untaint the
string.  I would have thought that at least some minimal validity checking
would be appropriate ... after all, that's the reason the strings are
tainted in the first place.

--
--
-- Jim Weirich    jim at weirichhouse.org     http://onestepback.org
-----------------------------------------------------------------
"Beware of bugs in the above code; I have only proved it correct,
not tried it." -- Donald Knuth (in a memo to Peter van Emde Boas)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://rubyforge.org/pipermail/rubygems-developers/attachments/20051206/69d905d2/attachment.htm


More information about the Rubygems-developers mailing list