* [ruby-core:69984] $SAFE inside an Array [not found] <20150714200732.GA59361@becker.bs.l> @ 2015-07-15 20:35 ` Bertram Scharpf 2015-07-15 20:40 ` [ruby-core:69985] " Bertram Scharpf 2015-07-16 7:41 ` [ruby-core:69996] " Nobuyoshi Nakada 0 siblings, 2 replies; 4+ messages in thread From: Bertram Scharpf @ 2015-07-15 20:35 UTC (permalink / raw) To: ruby-core Hi, I stepped through the C source code, and the longer I think about it I'm convinced it is a real bug. On Tuesday, 14. Jul 2015, 22:07:32 +0200, Bertram Scharpf wrote: > [On ruby-talk] > > is this an intended behaviour or is it a bug? I did boil > down the problem I detected to the smallest possible code. > > class C > t = Thread.new do > $SAFE = 1 > def inspect > "<C>" > end > end > t.join > end > c = C.new > puts c.inspect > puts [c].inspect > not_reached > > The output is: > > <C> > insecure.rb:12:in `inspect': calling insecure method: inspect (SecurityError) > from insecure.rb:12:in `<main>' > > Why is the first #inspect allowed but the second is not? > Should I still use $SAFE at all? The exception is being raised by the function rb_inspect() but not by rb_obj_inspect(). The function rb_ary_inspect() calls rb_inspect() for the objects it contains. The lonely C#inspect call goes directly to rb_obj_inspect(). When I replace rb_inspect() by rb_obj_inspect() in rb_ary_inspect(), no exception will be raised. Either, Array#inspect should call rb_obj_inspect(), too, so that both lines succeed. The other solution would be that rb_obj_inspect() raises an exception as well. This is a matter of programming logic far beyond the $SAFE mechanism. Please make a decision. Thanks in advance. Bertram -- Bertram Scharpf Stuttgart, Deutschland/Germany http://www.bertram-scharpf.de ^ permalink raw reply [flat|nested] 4+ messages in thread
* [ruby-core:69985] Re: $SAFE inside an Array 2015-07-15 20:35 ` [ruby-core:69984] $SAFE inside an Array Bertram Scharpf @ 2015-07-15 20:40 ` Bertram Scharpf 2015-07-16 7:41 ` [ruby-core:69996] " Nobuyoshi Nakada 1 sibling, 0 replies; 4+ messages in thread From: Bertram Scharpf @ 2015-07-15 20:40 UTC (permalink / raw) To: ruby-core Hi again, On Wednesday, 15. Jul 2015, 22:35:12 +0200, Bertram Scharpf wrote: > Either, Array#inspect should call rb_obj_inspect(), too, so > that both lines succeed. That was too fast. rb_obj_inspect(), of course, is something else than C#inspect. This is not a solution. Sorry. Bertram -- Bertram Scharpf Stuttgart, Deutschland/Germany http://www.bertram-scharpf.de ^ permalink raw reply [flat|nested] 4+ messages in thread
* [ruby-core:69996] Re: $SAFE inside an Array 2015-07-15 20:35 ` [ruby-core:69984] $SAFE inside an Array Bertram Scharpf 2015-07-15 20:40 ` [ruby-core:69985] " Bertram Scharpf @ 2015-07-16 7:41 ` Nobuyoshi Nakada 2015-07-16 12:12 ` [ruby-core:70002] " Bertram Scharpf 1 sibling, 1 reply; 4+ messages in thread From: Nobuyoshi Nakada @ 2015-07-16 7:41 UTC (permalink / raw) To: ruby-core On 2015/07/16 5:35, Bertram Scharpf wrote: >> The output is: >> >> <C> >> insecure.rb:12:in `inspect': calling insecure method: inspect (SecurityError) >> from insecure.rb:12:in `<main>' >> >> Why is the first #inspect allowed but the second is not? >> Should I still use $SAFE at all? It is fixed in the trunk. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [ruby-core:70002] Re: $SAFE inside an Array 2015-07-16 7:41 ` [ruby-core:69996] " Nobuyoshi Nakada @ 2015-07-16 12:12 ` Bertram Scharpf 0 siblings, 0 replies; 4+ messages in thread From: Bertram Scharpf @ 2015-07-16 12:12 UTC (permalink / raw) To: Ruby developers On Thursday, 16. Jul 2015, 16:41:40 +0900, Nobuyoshi Nakada wrote: > On 2015/07/16 5:35, Bertram Scharpf wrote: > > > The output is: > > > > > > <C> > > > insecure.rb:12:in `inspect': calling insecure method: inspect (SecurityError) > > > from insecure.rb:12:in `<main>' > > > > > > Why is the first #inspect allowed but the second is not? > > > Should I still use $SAFE at all? > > It is fixed in the trunk. Thank you. As far as I can see, it is here (from Git): commit 18bbd05709a4d52704ac217f30c0d9f35830b7f0 Date: 2015-06-03 01:39:16 +0000 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50743 b2dd03c8-39d4-4d8f-98ff-823fe69b080e -- Bertram Scharpf Stuttgart, Deutschland/Germany http://www.bertram-scharpf.de ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-07-16 11:43 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <20150714200732.GA59361@becker.bs.l> 2015-07-15 20:35 ` [ruby-core:69984] $SAFE inside an Array Bertram Scharpf 2015-07-15 20:40 ` [ruby-core:69985] " Bertram Scharpf 2015-07-16 7:41 ` [ruby-core:69996] " Nobuyoshi Nakada 2015-07-16 12:12 ` [ruby-core:70002] " Bertram Scharpf
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).