* [ruby-core:69984] $SAFE inside an Array
[not found] <20150714200732.GA59361@becker.bs.l>
@ 2015-07-15 20:35 ` Bertram Scharpf
2015-07-15 20:40 ` [ruby-core:69985] " Bertram Scharpf
2015-07-16 7:41 ` [ruby-core:69996] " Nobuyoshi Nakada
0 siblings, 2 replies; 4+ messages in thread
From: Bertram Scharpf @ 2015-07-15 20:35 UTC (permalink / raw)
To: ruby-core
Hi,
I stepped through the C source code, and the longer I think
about it I'm convinced it is a real bug.
On Tuesday, 14. Jul 2015, 22:07:32 +0200, Bertram Scharpf wrote:
> [On ruby-talk]
>
> is this an intended behaviour or is it a bug? I did boil
> down the problem I detected to the smallest possible code.
>
> class C
> t = Thread.new do
> $SAFE = 1
> def inspect
> "<C>"
> end
> end
> t.join
> end
> c = C.new
> puts c.inspect
> puts [c].inspect
> not_reached
>
> The output is:
>
> <C>
> insecure.rb:12:in `inspect': calling insecure method: inspect (SecurityError)
> from insecure.rb:12:in `<main>'
>
> Why is the first #inspect allowed but the second is not?
> Should I still use $SAFE at all?
The exception is being raised by the function rb_inspect()
but not by rb_obj_inspect(). The function rb_ary_inspect()
calls rb_inspect() for the objects it contains. The lonely
C#inspect call goes directly to rb_obj_inspect().
When I replace rb_inspect() by rb_obj_inspect() in
rb_ary_inspect(), no exception will be raised.
Either, Array#inspect should call rb_obj_inspect(), too, so
that both lines succeed. The other solution would be that
rb_obj_inspect() raises an exception as well.
This is a matter of programming logic far beyond the $SAFE
mechanism. Please make a decision.
Thanks in advance.
Bertram
--
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-scharpf.de
^ permalink raw reply [flat|nested] 4+ messages in thread
* [ruby-core:69985] Re: $SAFE inside an Array
2015-07-15 20:35 ` [ruby-core:69984] $SAFE inside an Array Bertram Scharpf
@ 2015-07-15 20:40 ` Bertram Scharpf
2015-07-16 7:41 ` [ruby-core:69996] " Nobuyoshi Nakada
1 sibling, 0 replies; 4+ messages in thread
From: Bertram Scharpf @ 2015-07-15 20:40 UTC (permalink / raw)
To: ruby-core
Hi again,
On Wednesday, 15. Jul 2015, 22:35:12 +0200, Bertram Scharpf wrote:
> Either, Array#inspect should call rb_obj_inspect(), too, so
> that both lines succeed.
That was too fast. rb_obj_inspect(), of course, is something
else than C#inspect. This is not a solution.
Sorry.
Bertram
--
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-scharpf.de
^ permalink raw reply [flat|nested] 4+ messages in thread
* [ruby-core:69996] Re: $SAFE inside an Array
2015-07-15 20:35 ` [ruby-core:69984] $SAFE inside an Array Bertram Scharpf
2015-07-15 20:40 ` [ruby-core:69985] " Bertram Scharpf
@ 2015-07-16 7:41 ` Nobuyoshi Nakada
2015-07-16 12:12 ` [ruby-core:70002] " Bertram Scharpf
1 sibling, 1 reply; 4+ messages in thread
From: Nobuyoshi Nakada @ 2015-07-16 7:41 UTC (permalink / raw)
To: ruby-core
On 2015/07/16 5:35, Bertram Scharpf wrote:
>> The output is:
>>
>> <C>
>> insecure.rb:12:in `inspect': calling insecure method: inspect (SecurityError)
>> from insecure.rb:12:in `<main>'
>>
>> Why is the first #inspect allowed but the second is not?
>> Should I still use $SAFE at all?
It is fixed in the trunk.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [ruby-core:70002] Re: $SAFE inside an Array
2015-07-16 7:41 ` [ruby-core:69996] " Nobuyoshi Nakada
@ 2015-07-16 12:12 ` Bertram Scharpf
0 siblings, 0 replies; 4+ messages in thread
From: Bertram Scharpf @ 2015-07-16 12:12 UTC (permalink / raw)
To: Ruby developers
On Thursday, 16. Jul 2015, 16:41:40 +0900, Nobuyoshi Nakada wrote:
> On 2015/07/16 5:35, Bertram Scharpf wrote:
> > > The output is:
> > >
> > > <C>
> > > insecure.rb:12:in `inspect': calling insecure method: inspect (SecurityError)
> > > from insecure.rb:12:in `<main>'
> > >
> > > Why is the first #inspect allowed but the second is not?
> > > Should I still use $SAFE at all?
>
> It is fixed in the trunk.
Thank you.
As far as I can see, it is here (from Git):
commit 18bbd05709a4d52704ac217f30c0d9f35830b7f0
Date: 2015-06-03 01:39:16 +0000
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50743 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
--
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-scharpf.de
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-07-16 11:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20150714200732.GA59361@becker.bs.l>
2015-07-15 20:35 ` [ruby-core:69984] $SAFE inside an Array Bertram Scharpf
2015-07-15 20:40 ` [ruby-core:69985] " Bertram Scharpf
2015-07-16 7:41 ` [ruby-core:69996] " Nobuyoshi Nakada
2015-07-16 12:12 ` [ruby-core:70002] " Bertram Scharpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).