From: "matz (Yukihiro Matsumoto)" Date: 2012-05-08T16:39:16+09:00 Subject: [ruby-core:44936] [ruby-trunk - Feature #6409][Rejected] public_send is easily bypassed Issue #6409 has been updated by matz (Yukihiro Matsumoto). Status changed from Open to Rejected The whole purpose of public_send is to prohibit the invocation of non-public methods, probably to help detecting error earlier. In that sense, as Jeremy expressed, we see no reason to prohibit #send the public method. public_send (and method visibility in general) is not the way to ensure anything, e.g. security. Matz. ---------------------------------------- Feature #6409: public_send is easily bypassed https://bugs.ruby-lang.org/issues/6409#change-26524 Author: postmodern (Hal Brodigan) Status: Rejected Priority: Normal Assignee: Category: core Target version: 2.0.0 =begin (({public_send})) can easily be bypassed, by using it to call (({send})). (({public_send})) should explicitly not allow calling (({send})). class Test private def secret "top secret" end end t = Test.new t.public_send(:secret) # => NoMethodError: private method `secret' called for # t.public_send(:send, :secret) # => "top secret" t.public_send(:send, :exec, "rm -rf ~") =end -- http://bugs.ruby-lang.org/