Reducing $SAFE

Eric Hodel | Thu, 31 Aug 2006 00:30:00 GMT

Posted in ,

Ya you are correct, it won't let you change the safe level. I wonder how hard it would be to bypass it though using something like rubyinline?

Re: $SAFE =4 safe enough? via snacktime 

require 'rubygems'
require 'inline'

class DeSafe
  inline do |builder|
    builder.prefix "RUBY_EXTERN int ruby_safe_level;"

    builder.c <<-EOC
      static void
      reduce() {
        ruby_safe_level = 0;
      }
    EOC
  end
end


$SAFE = ARGV.shift.to_i rescue 0

p $SAFE

DeSafe.new.reduce

p $SAFE
$ rm -fr ~/.ruby_inline/; ruby desafe.rb 4
desafe.rb:20:in `write': Insecure operation `write' at level 4 (SecurityError)
        from desafe.rb:20:in `p'
        from desafe.rb:20
$ rm -fr ~/.ruby_inline/; ruby desafe.rb 3
3
0
4 comments

Comments RSS FEED

That’s just wrong. :-P

I wonder if this could be abused to alter the $SAFE level of an already running Ruby interpreter somehow…

Daniel Berger said about 2 hours later

You mean external to your own? Only if you can attach to it with a debugger or otherwise modify its memory space.

Note that this allows you to lower $SAFE even when $SAFE >= 4 if you’ve already compiled the binary.

Eric Hodel said about 5 hours later

Very naughty ;-)

BTW you have an error in your Articles xml feed. See here for details

James Mead said 1 day later

I backed off typo by several revisions, the trunk is currently broken in a mysterious way.

Eric Hodel said 1 day later

Comments are disabled