From: "shugo (Shugo Maeda)" Date: 2013-02-15T10:40:46+09:00 Subject: [ruby-core:52272] [ruby-trunk - Feature #7839] Symbol.freeze_symbols Issue #7839 has been updated by shugo (Shugo Maeda). Student (Nathan Zook) wrote: > +1 to prohibiting interning of tainted strings. Probably $SAFE >= 1, though. Currently, this is a problem for $SAFE <= 2. $SAFE is not implemented in other implementations, so this issue should be addressed without $SAFE. ---------------------------------------- Feature #7839: Symbol.freeze_symbols https://bugs.ruby-lang.org/issues/7839#change-36301 Author: tenderlovemaking (Aaron Patterson) Status: Open Priority: Normal Assignee: Category: core Target version: next minor Hi, On team Rails, we're having troubles with Symbol creation DoS attacks. From our perspective, there should be a point in the application where symbols should stabilize, meaning we don't expect the number of symbols to increase while the process is running. I'd like to be able to call a method like `Symbol.freeze_symbols` which would essentially freeze the symbol hash, such that if any new symbols are created, an exception would be thrown. I can work on a patch for this, but I wanted to throw the idea out there. -- http://bugs.ruby-lang.org/