From: "jballanc (Joshua Ballanco)" Date: 2013-06-03T17:24:26+09:00 Subject: [ruby-core:55270] [ruby-trunk - Feature #8468] Remove $SAFE Issue #8468 has been updated by jballanc (Joshua Ballanco). I agree with charliesome that sandboxing is best handled by the running system, and not as a language feature. Still, I think we can include support for such facilities (where they are available) in a standardized way. Might I suggest something along the lines of MacRuby's Sandbox or the RubyGem Playpen (https://github.com/tenderlove/playpen)? The general idea would be to have a few predefined, high-level sandbox directives (no_disk, no_internet, etc.), as well as a defined mechanism for accessing lower-level facilities unique to each platform. While this is obviously not an ideal solution, I fear it is the best we could do without re-inventing Ruby from the ground-up with sandboxing in mind (perhaps mRuby will have better luck in this regard). Finally, it might be useful to consider the discussion/debate the Clojure community recently went through with regards to *read-eval* (a discussion that took place in response to the recent Rails/YAML vulnerabilities), as well as the ultimate conclusion that it is futile to attempt, in effect, to secure "eval": https://groups.google.com/d/topic/clojure-dev/zG90eRnbbJQ/discussion ---------------------------------------- Feature #8468: Remove $SAFE https://bugs.ruby-lang.org/issues/8468#change-39665 Author: shugo (Shugo Maeda) Status: Feedback Priority: Normal Assignee: shugo (Shugo Maeda) Category: core Target version: current: 2.1.0 Yesterday, at GitHub Tokyo drinkup (thanks, GitHub!), Matz agreed to remove the $SAFE == 4 feature from Ruby 2.1. Shibata-san, a developer of tDiary, which is the only application using $SAFE == 4, also agreed to remove it, so today is a good day to say goodbye to $SAFE (at least level 4). Furthermore, I'm wondering whether $SAFE should be removed entirely, or not. Is there anyone using $SAFE? -- http://bugs.ruby-lang.org/