From: "headius (Charles Nutter)" Date: 2012-04-03T02:07:15+09:00 Subject: [ruby-core:44075] [ruby-trunk - Feature #5455] $SAFE should be removed Issue #5455 has been updated by headius (Charles Nutter). A deprecation warning would be good in any case. Is it the position of ruby-core/MRI/Matz that $SAFE should be used for security purposes? There are a number of Rubyists (not to mention content in some Ruby books) that claim this. However, the equivalent feature from other languages (Perl, primarily) is *not* intended to be used to provide a secure environment. The warnings from safe mode in those languages are intended to be advisory, used before deployment, and it is discouraged to use safe mode in production. Enforcing $SAFE as a security mechanism also requires all code everywhere to properly handle tainting and untrust...including C extensions. $SAFE/taint/untrust is just a bad way to do security. I suggest that $SAFE should *at least* be deprecated in 2.0. I'm guessing that the window has closed on coming up with a "better" security replacement, but people should know that $SAFE does not provide the security guarantees they think it does. ---------------------------------------- Feature #5455: $SAFE should be removed https://bugs.ruby-lang.org/issues/5455#change-25609 Author: kosaki (Motohiro KOSAKI) Status: Open Priority: Normal Assignee: Category: Target version: 3.0 see [ruby-dev:44554] [ruby-dev:44572] -- http://bugs.ruby-lang.org/