diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/debug.rb | 5 | ||||
-rw-r--r-- | lib/drb/drb.rb | 62 | ||||
-rw-r--r-- | lib/erb.rb | 20 | ||||
-rw-r--r-- | lib/net/smtp.rb | 6 | ||||
-rw-r--r-- | lib/tempfile.rb | 4 | ||||
-rw-r--r-- | lib/tmpdir.rb | 34 |
6 files changed, 25 insertions, 106 deletions
diff --git a/lib/debug.rb b/lib/debug.rb index 34d7d27406..ce8b7d7fb9 100644 --- a/lib/debug.rb +++ b/lib/debug.rb @@ -5,11 +5,6 @@ require 'continuation' -if $SAFE > 0 - STDERR.print "-r debug.rb is not available in safe mode\n" - exit 1 -end - require 'tracer' require 'pp' diff --git a/lib/drb/drb.rb b/lib/drb/drb.rb index 5c7f66ac16..0063e20144 100644 --- a/lib/drb/drb.rb +++ b/lib/drb/drb.rb @@ -160,8 +160,6 @@ require_relative 'eq' # # The object that handles requests on the server # FRONT_OBJECT=TimeServer.new # -# $SAFE = 1 # disable eval() and friends -# # DRb.start_service(URI, FRONT_OBJECT) # # Wait for the drb server thread to finish before exiting. # DRb.thread.join @@ -245,8 +243,6 @@ require_relative 'eq' # # FRONT_OBJECT=LoggerFactory.new("/tmp/dlog") # -# $SAFE = 1 # disable eval() and friends -# # DRb.start_service(URI, FRONT_OBJECT) # DRb.thread.join # @@ -286,10 +282,7 @@ require_relative 'eq' # ro.instance_eval("`rm -rf *`") # # The dangers posed by instance_eval and friends are such that a -# DRbServer should generally be run with $SAFE set to at least -# level 1. This will disable eval() and related calls on strings -# passed across the wire. The sample usage code given above follows -# this practice. +# DRbServer should only be used when clients are trusted. # # A DRbServer can be configured with an access control list to # selectively allow or deny access from specified IP addresses. The @@ -1362,7 +1355,6 @@ module DRb @@argc_limit = 256 @@load_limit = 0xffffffff @@verbose = false - @@safe_level = 0 # Set the default value for the :argc_limit option. # @@ -1392,11 +1384,8 @@ module DRb @@idconv = idconv end - # Set the default safe level to +level+. The default safe level is 0 - # - # See #new for more information. - def self.default_safe_level(level) - @@safe_level = level + def self.default_safe_level(level) # :nodoc: + # Remove in Ruby 3.0 end # Set the default value of the :verbose option. @@ -1418,7 +1407,6 @@ module DRb :tcp_acl => @@acl, :load_limit => @@load_limit, :argc_limit => @@argc_limit, - :safe_level => @@safe_level } default_config.update(hash) end @@ -1452,10 +1440,6 @@ module DRb # :argc_limit :: the maximum number of arguments to a remote # method accepted by the server. Defaults to # 256. - # :safe_level :: The safe level of the DRbServer. The attribute - # sets $SAFE for methods performed in the main_loop. - # Defaults to 0. - # # The default values of these options can be modified on # a class-wide basis by the class methods #default_argc_limit, # #default_load_limit, #default_acl, #default_id_conv, @@ -1487,7 +1471,6 @@ module DRb @front = front @idconv = @config[:idconv] - @safe_level = @config[:safe_level] @grp = ThreadGroup.new @thread = run @@ -1514,11 +1497,10 @@ module DRb # The configuration of this DRbServer attr_reader :config - # The safe level for this server. This is a number corresponding to - # $SAFE. - # - # The default safe_level is 0 - attr_reader :safe_level + def safe_level # :nodoc: + # Remove in Ruby 3.0 + 0 + end # Set whether to operate in verbose mode. # @@ -1652,7 +1634,6 @@ module DRb class InvokeMethod # :nodoc: def initialize(drb_server, client) @drb_server = drb_server - @safe_level = drb_server.safe_level @client = client end @@ -1661,33 +1642,10 @@ module DRb @succ = false setup_message - if $SAFE < @safe_level - info = Thread.current['DRb'] - if @block - @result = Thread.new do - Thread.current['DRb'] = info - prev_safe_level = $SAFE - $SAFE = @safe_level - perform_with_block - ensure - $SAFE = prev_safe_level - end.value - else - @result = Thread.new do - Thread.current['DRb'] = info - prev_safe_level = $SAFE - $SAFE = @safe_level - perform_without_block - ensure - $SAFE = prev_safe_level - end.value - end + if @block + @result = perform_with_block else - if @block - @result = perform_with_block - else - @result = perform_without_block - end + @result = perform_without_block end @succ = true case @result diff --git a/lib/erb.rb b/lib/erb.rb index 3f26c2ff30..d2ea64ab60 100644 --- a/lib/erb.rb +++ b/lib/erb.rb @@ -57,7 +57,6 @@ require "cgi/util" # # There are several settings you can change when you use ERB: # * the nature of the tags that are recognized; -# * the value of <tt>$SAFE</tt> under which the template is run; # * the binding used to resolve local variables in the template. # # See the ERB.new and ERB#result methods for more detail. @@ -747,9 +746,7 @@ class ERB # Constructs a new ERB object with the template specified in _str_. # # An ERB object works by building a chunk of Ruby code that will output - # the completed template when run. If _safe_level_ is set to a non-nil value, - # ERB code will be run in a separate thread with <b>$SAFE</b> set to the - # provided level. + # the completed template when run. # # If _trim_mode_ is passed a String containing one or more of the following # modifiers, ERB will adjust its code generation as listed: @@ -813,8 +810,6 @@ class ERB # Complex initializer for $SAFE deprecation at [Feature #14256]. Use keyword arguments to pass trim_mode or eoutvar. if safe_level != NOT_GIVEN warn 'Passing safe_level with the 2nd argument of ERB.new is deprecated. Do not use it, and specify other arguments as keyword arguments.', uplevel: 1 if $VERBOSE || !ZERO_SAFE_LEVELS.include?(safe_level) - else - safe_level = nil end if legacy_trim_mode != NOT_GIVEN warn 'Passing trim_mode with the 3rd argument of ERB.new is deprecated. Use keyword argument like ERB.new(str, trim_mode: ...) instead.', uplevel: 1 if $VERBOSE @@ -825,7 +820,6 @@ class ERB eoutvar = legacy_eoutvar end - @safe_level = safe_level compiler = make_compiler(trim_mode) set_eoutvar(compiler, eoutvar) @src, @encoding, @frozen_string = *compiler.compile(str) @@ -908,17 +902,7 @@ class ERB unless @_init.equal?(self.class.singleton_class) raise ArgumentError, "not initialized" end - if @safe_level - proc do - prev_safe_level = $SAFE - $SAFE = @safe_level - eval(@src, b, (@filename || '(erb)'), @lineno) - ensure - $SAFE = prev_safe_level - end.call - else - eval(@src, b, (@filename || '(erb)'), @lineno) - end + eval(@src, b, (@filename || '(erb)'), @lineno) end # Render a template on a new toplevel binding with local variables specified diff --git a/lib/net/smtp.rb b/lib/net/smtp.rb index 8e10dc24b3..460ad08233 100644 --- a/lib/net/smtp.rb +++ b/lib/net/smtp.rb @@ -831,9 +831,6 @@ module Net end def mailfrom(from_addr) - if $SAFE > 0 - raise SecurityError, 'tainted from_addr' if from_addr.tainted? - end getok("MAIL FROM:<#{from_addr}>") end @@ -859,9 +856,6 @@ module Net end def rcptto(to_addr) - if $SAFE > 0 - raise SecurityError, 'tainted to_addr' if to_addr.tainted? - end getok("RCPT TO:<#{to_addr}>") end diff --git a/lib/tempfile.rb b/lib/tempfile.rb index f7caf65f0c..efb0b1bcd6 100644 --- a/lib/tempfile.rb +++ b/lib/tempfile.rb @@ -98,10 +98,6 @@ class Tempfile < DelegateClass(File) # # The temporary file will be placed in the directory as specified # by the +tmpdir+ parameter. By default, this is +Dir.tmpdir+. - # When $SAFE > 0 and the given +tmpdir+ is tainted, it uses - # '/tmp' as the temporary directory. Please note that ENV values - # are tainted by default, and +Dir.tmpdir+'s return value might - # come from environment variables (e.g. <tt>$TMPDIR</tt>). # # file = Tempfile.new('hello', '/home/aisaka') # file.path # => something like: "/home/aisaka/hello2843-8392-92849382--0" diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb index d7a8f799fe..ea1d380ef1 100644 --- a/lib/tmpdir.rb +++ b/lib/tmpdir.rb @@ -19,22 +19,18 @@ class Dir # Returns the operating system's temporary file path. def self.tmpdir - if $SAFE > 0 - @@systmpdir.dup - else - tmp = nil - [ENV['TMPDIR'], ENV['TMP'], ENV['TEMP'], @@systmpdir, '/tmp', '.'].each do |dir| - next if !dir - dir = File.expand_path(dir) - if stat = File.stat(dir) and stat.directory? and stat.writable? and - (!stat.world_writable? or stat.sticky?) - tmp = dir - break - end rescue nil - end - raise ArgumentError, "could not find a temporary directory" unless tmp - tmp + tmp = nil + [ENV['TMPDIR'], ENV['TMP'], ENV['TEMP'], @@systmpdir, '/tmp', '.'].each do |dir| + next if !dir + dir = File.expand_path(dir) + if stat = File.stat(dir) and stat.directory? and stat.writable? and + (!stat.world_writable? or stat.sticky?) + tmp = dir + break + end rescue nil end + raise ArgumentError, "could not find a temporary directory" unless tmp + tmp end # Dir.mktmpdir creates a temporary directory. @@ -115,12 +111,8 @@ class Dir UNUSABLE_CHARS = [File::SEPARATOR, File::ALT_SEPARATOR, File::PATH_SEPARATOR, ":"].uniq.join("").freeze def create(basename, tmpdir=nil, max_try: nil, **opts) - if $SAFE > 0 and tmpdir.tainted? - tmpdir = '/tmp' - else - origdir = tmpdir - tmpdir ||= tmpdir() - end + origdir = tmpdir + tmpdir ||= tmpdir() n = nil prefix, suffix = basename prefix = (String.try_convert(prefix) or |