[Rubygems-developers] $SAFE = 1 patch

Eric Hodel drbrain at segment7.net
Tue Dec 6 14:36:14 EST 2005


On Dec 6, 2005, at 6:24 AM, Jim Weirich wrote:

> On 12/5/05, Eric Hodel <drbrain at segment7.net> wrote: This patch  
> lets Rubygems run with $SAFE = 1.
>
> Excellent!  And the change comes with a patch for the tests too!   
> Extra points for that.
>
> But ... I added the $SAFE=1 to the test (per the patch file) and  
> ran the tests (without the rest of your patch installed) ... and  
> all the tests still pass.  I expected to see failures because of  
> $SAFE=1 mode.  Is the test not testing what we think?

Strange, I get failures with just the change to test/gemenvironment.rb:

[11:31] drbrain at kaa$ rake
(in /Users/drbrain/tmp/rubygems)
./lib/rubygems/custom_require.rb:99:in `[]': Insecure operation - [] (SecurityError)
         from ./lib/rubygems/custom_require.rb:99:in `matching_file'
         from ./lib/rubygems/custom_require.rb:81:in `find'
         from ./lib/rubygems/custom_require.rb:80:in `find'
         from ./lib/rubygems/custom_require.rb:25:in `require'
         from ./test/gemenvironment.rb:8
         from ./lib/rubygems/custom_require.rb:21:in `require'
         from ./test/test_gemloadpaths.rb:6
         from /usr/local/lib/ruby/gems/1.8/gems/rake-0.6.2/lib/rake/rake_test_loader.rb:5
         from /usr/local/lib/ruby/gems/1.8/gems/rake-0.6.2/lib/rake/rake_test_loader.rb:5
rake aborted!
Command failed with status (1): [/usr/local/bin/ruby183 -Ilib "/usr/local/l...]

[ ~/tmp/rubygems ]
[11:31] drbrain at kaa$ cvs diff
Index: test/gemenvironment.rb
===================================================================
RCS file: /var/cvs/rubygems/rubygems/test/gemenvironment.rb,v
retrieving revision 1.3
diff -u -r1.3 gemenvironment.rb
--- test/gemenvironment.rb      17 Mar 2005 04:04:15 -0000      1.3
+++ test/gemenvironment.rb      6 Dec 2005 19:22:04 -0000
@@ -1,5 +1,6 @@
# Create a test environment for gems.
+$SAFE = 1
require 'rubygems'
require 'rubygems/installer'
require 'rubygems/builder'
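
Review bot: the added `$SAFE = 1` line, placed between the header comment and `require 'rubygems'`, carries no comment saying why it is there or that it has to stay ahead of the requires to cover the code they load. A one-line comment to that effect would keep a later cleanup from moving or dropping it; the header comment "Create a test environment for gems." also does not mention that the environment now runs at safe level 1.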

> On a slightly different note, shouldn't we do more than just  
> untaint the string.  I would have thought that at least some  
> minimal validity checking would be appropriate ... after all,  
> that's the reason the strings are tainted in the first place.

I don't know.  All the paths seem to come from the gem directory or  
the gemspec files, so I thought it was ok to trust them.  I thought  
it would be strange to distrust the gem directory...

-- 
Eric Hodel - drbrain at segment7.net - http://segment7.net
This implementation is HODEL-HASH-9600 compliant

http://trackmap.robotcoop.com
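
The "minimal validity checking" raised in the quoted reply could take the form below. This is an added example, not part of this message, the patch or RubyGems itself; it is written for current Ruby, where taint tracking no longer exists, so the check is explicit. `GemPathError`, `validated_gem_path`, `check_paths` and the sample paths are constructed for illustration.

```ruby
# Added illustration; GemPathError and validated_gem_path are hypothetical
# names, not RubyGems API.
class GemPathError < StandardError; end

# Resolve `relative` (e.g. a file entry read from a gemspec) against `gem_dir`
# and return the absolute path only if it stays inside that directory.
# The check is lexical: symlinks are not followed.
def validated_gem_path(gem_dir, relative)
  raise GemPathError, "not a string" unless relative.is_a?(String)
  raise GemPathError, "empty path" if relative.empty?
  raise GemPathError, "NUL byte in path" if relative.include?("\0")
  # Reject absolute paths and "~user" forms that expand_path would expand.
  raise GemPathError, "not relative: #{relative}" if relative.start_with?("/", "~")

  root = File.expand_path(gem_dir)
  full = File.expand_path(relative, root) # collapses "." and ".."
  # Compare against root plus a separator so that a sibling directory such
  # as "example-1.0-evil" does not pass as a prefix match.
  unless full.start_with?(root + File::SEPARATOR)
    raise GemPathError, "escapes gem directory: #{relative}"
  end
  full
end

# Run the check over a list and report :ok or the rejection reason.
def check_paths(gem_dir, paths)
  paths.map do |path|
    begin
      validated_gem_path(gem_dir, path)
      [path, :ok]
    rescue GemPathError => e
      [path, e.message]
    end
  end.to_h
end

if __FILE__ == $0
  # Constructed sample input.
  gem_dir = "/tmp/gems/example-1.0"
  samples = ["lib/example.rb", "lib/../bin/tool", "../other-2.0/lib/x.rb",
             "../example-1.0-evil/x.rb", "/etc/passwd"]
  check_paths(gem_dir, samples).each { |path, result| puts "#{path}: #{result}" }
end
```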