From: "headius (Charles Nutter)" <headius@...>
Date: 2012-04-03T02:07:15+09:00
Subject: [ruby-core:44075] [ruby-trunk - Feature #5455] $SAFE should be removed


Issue #5455 has been updated by headius (Charles Nutter).


A deprecation warning would be good in any case.

Is it the position of ruby-core/MRI/Matz that $SAFE should be used for security purposes? There are a number of Rubyists (not to mention content in some Ruby books) that claim this.

However, the equivalent feature from other languages (Perl, primarily) is *not* intended to be used to provide a secure environment. The warnings from safe mode in those languages are intended to be advisory, used before deployment, and it is discouraged to use safe mode in production. Enforcing $SAFE as a security mechanism also requires all code everywhere to properly handle tainting and untrust...including C extensions. $SAFE/taint/untrust is just a bad way to do security.

I suggest that $SAFE should *at least* be deprecated in 2.0. I'm guessing that the window has closed on coming up with a "better" security replacement, but people should know that $SAFE does not provide the security guarantees they think it does.
----------------------------------------
Feature #5455: $SAFE should be removed
https://bugs.ruby-lang.org/issues/5455#change-25609

Author: kosaki (Motohiro KOSAKI)
Status: Open
Priority: Normal
Assignee: 
Category: 
Target version: 3.0


see

[ruby-dev:44554]
[ruby-dev:44572] 



-- 
http://bugs.ruby-lang.org/