diff options
73 files changed, 95 insertions, 978 deletions
@@ -1,3 +1,45 @@ +Wed Jun 12 22:58:48 2013 Shugo Maeda <shugo@ruby-lang.org> + + * safe.c (rb_set_safe_level, safe_setter): raise an ArgumentError + when $SAFE is set to 4. $SAFE=4 is now obsolete. + [ruby-core:55222] [Feature #8468] + + * object.c (rb_obj_untrusted, rb_obj_untrust, rb_obj_trust): + Kernel#untrusted?, untrust, and trust are now deprecated. + Their behavior is same as tainted?, taint, and untaint, + respectively. + + * include/ruby/ruby.h (OBJ_UNTRUSTED, OBJ_UNTRUST): OBJ_UNTRUSTED() + and OBJ_UNTRUST() are aliases of OBJ_TAINTED() and OBJ_TAINT(), + respectively. + + * array.c, class.c, debug.c, dir.c, encoding.c, error.c, eval.c, + ext/curses/curses.c, ext/dbm/dbm.c, ext/dl/cfunc.c, + ext/dl/cptr.c, ext/dl/dl.c, ext/etc/etc.c, ext/fiddle/fiddle.c, + ext/fiddle/pointer.c, ext/gdbm/gdbm.c, ext/readline/readline.c, + ext/sdbm/init.c, ext/socket/ancdata.c, ext/socket/basicsocket.c, + ext/socket/socket.c, ext/socket/udpsocket.c, + ext/stringio/stringio.c, ext/syslog/syslog.c, ext/tk/tcltklib.c, + ext/win32ole/win32ole.c, file.c, gc.c, hash.c, io.c, iseq.c, + load.c, marshal.c, object.c, proc.c, process.c, random.c, re.c, + safe.c, string.c, thread.c, transcode.c, variable.c, + vm_insnhelper.c, vm_method.c, vm_trace.c: remove code for + $SAFE=4. + + * test/dl/test_dl2.rb, test/erb/test_erb.rb, + test/readline/test_readline.rb, + test/readline/test_readline_history.rb, test/ruby/test_alias.rb, + test/ruby/test_array.rb, test/ruby/test_dir.rb, + test/ruby/test_encoding.rb, test/ruby/test_env.rb, + test/ruby/test_eval.rb, test/ruby/test_exception.rb, + test/ruby/test_file_exhaustive.rb, test/ruby/test_hash.rb, + test/ruby/test_io.rb, test/ruby/test_method.rb, + test/ruby/test_module.rb, test/ruby/test_object.rb, + test/ruby/test_pack.rb, test/ruby/test_rand.rb, + test/ruby/test_regexp.rb, test/ruby/test_settracefunc.rb, + test/ruby/test_struct.rb, test/ruby/test_thread.rb, + test/ruby/test_time.rb: remove tests for $SAFE=4. + Wed Jun 12 22:18:23 2013 Tanaka Akira <akr@fsij.org> * bignum.c (integer_unpack_num_bdigits_generic): Rewritten without @@ -257,8 +257,6 @@ static inline void rb_ary_modify_check(VALUE ary) { rb_check_frozen(ary); - if (!OBJ_UNTRUSTED(ary) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't modify array"); } void @@ -1843,7 +1841,6 @@ ary_join_0(VALUE ary, VALUE sep, long max, VALUE result) rb_str_buf_append(result, sep); rb_str_buf_append(result, val); if (OBJ_TAINTED(val)) OBJ_TAINT(result); - if (OBJ_UNTRUSTED(val)) OBJ_TAINT(result); } } @@ -1905,12 +1902,10 @@ rb_ary_join(VALUE ary, VALUE sep) { long len = 1, i; int taint = FALSE; - int untrust = FALSE; VALUE val, tmp, result; if (RARRAY_LEN(ary) == 0) return rb_usascii_str_new(0, 0); if (OBJ_TAINTED(ary)) taint = TRUE; - if (OBJ_UNTRUSTED(ary)) untrust = TRUE; if (!NIL_P(sep)) { StringValue(sep); @@ -1925,7 +1920,6 @@ rb_ary_join(VALUE ary, VALUE sep) result = rb_str_buf_new(len + (RARRAY_LEN(ary)-i)*10); rb_enc_associate(result, rb_usascii_encoding()); if (taint) OBJ_TAINT(result); - if (untrust) OBJ_UNTRUST(result); ary_join_0(ary, sep, i, result); first = i == 0; ary_join_1(ary, ary, sep, i, result, &first); @@ -1937,7 +1931,6 @@ rb_ary_join(VALUE ary, VALUE sep) result = rb_str_buf_new(len); if (taint) OBJ_TAINT(result); - if (untrust) OBJ_UNTRUST(result); ary_join_0(ary, sep, RARRAY_LEN(ary), result); return result; @@ -1971,7 +1964,6 @@ static VALUE inspect_ary(VALUE ary, VALUE dummy, int recur) { int tainted = OBJ_TAINTED(ary); - int untrust = OBJ_UNTRUSTED(ary); long i; VALUE s, str; @@ -1980,14 +1972,12 @@ inspect_ary(VALUE ary, VALUE dummy, int recur) for (i=0; i<RARRAY_LEN(ary); i++) { s = rb_inspect(RARRAY_AREF(ary, i)); if (OBJ_TAINTED(s)) tainted = TRUE; - if (OBJ_UNTRUSTED(s)) untrust = TRUE; if (i > 0) rb_str_buf_cat2(str, ", "); else rb_enc_copy(str, s); rb_str_buf_append(str, s); } rb_str_buf_cat2(str, "]"); if (tainted) OBJ_TAINT(str); - if (untrust) OBJ_UNTRUST(str); return str; } @@ -696,9 +696,6 @@ rb_include_module(VALUE klass, VALUE module) int changed = 0; rb_frozen_class_p(klass); - if (!OBJ_UNTRUSTED(klass)) { - rb_secure(4); - } if (!RB_TYPE_P(module, T_MODULE)) { Check_Type(module, T_MODULE); @@ -804,9 +801,6 @@ rb_prepend_module(VALUE klass, VALUE module) int changed = 0; rb_frozen_class_p(klass); - if (!OBJ_UNTRUSTED(klass)) { - rb_secure(4); - } Check_Type(module, T_MODULE); @@ -1440,12 +1434,6 @@ singleton_class_of(VALUE obj) else { FL_UNSET(klass, FL_TAINT); } - if (OBJ_UNTRUSTED(obj)) { - OBJ_UNTRUST(klass); - } - else { - FL_UNSET(klass, FL_UNTRUSTED); - } if (OBJ_FROZEN(obj)) OBJ_FREEZE(klass); return klass; @@ -36,7 +36,6 @@ const union { RUBY_FL_OLDGEN = FL_OLDGEN, RUBY_FL_FINALIZE = FL_FINALIZE, RUBY_FL_TAINT = FL_TAINT, - RUBY_FL_UNTRUSTED = FL_UNTRUSTED, RUBY_FL_EXIVAR = FL_EXIVAR, RUBY_FL_FREEZE = FL_FREEZE, RUBY_FL_SINGLETON = FL_SINGLETON, @@ -507,8 +507,6 @@ static struct dir_data * dir_check(VALUE dir) { struct dir_data *dirp; - if (!OBJ_UNTRUSTED(dir) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: operation on trusted Dir"); rb_check_frozen(dir); dirp = rb_check_typeddata(dir, &dir_data_type); if (!dirp->dir) dir_closed(); @@ -746,9 +744,6 @@ dir_rewind(VALUE dir) { struct dir_data *dirp; - if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(dir)) { - rb_raise(rb_eSecurityError, "Insecure: can't close"); - } GetDIR(dir, dirp); rewinddir(dirp->dir); return dir; @@ -896,7 +891,6 @@ rb_dir_getwd(void) char *path; VALUE cwd; - rb_secure(4); path = my_getcwd(); cwd = rb_tainted_str_new2(path); rb_enc_associate(cwd, rb_filesystem_encoding()); diff --git a/encoding.c b/encoding.c index 6fb14a5795..ad7e4bcc14 100644 --- a/encoding.c +++ b/encoding.c @@ -591,7 +591,7 @@ load_encoding(const char *name) else if (ISUPPER(*s)) *s = (char)TOLOWER(*s); ++s; } - FL_UNSET(enclib, FL_TAINT|FL_UNTRUSTED); + FL_UNSET(enclib, FL_TAINT); OBJ_FREEZE(enclib); ruby_verbose = Qfalse; ruby_debug = Qfalse; @@ -2039,7 +2039,6 @@ rb_error_untrusted(VALUE obj) void rb_check_trusted(VALUE obj) { - rb_check_trusted_internal(obj); } void @@ -2047,9 +2046,8 @@ rb_check_copyable(VALUE obj, VALUE orig) { if (!FL_ABLE(obj)) return; rb_check_frozen_internal(obj); - rb_check_trusted_internal(obj); if (!FL_ABLE(orig)) return; - if ((~RBASIC(obj)->flags & RBASIC(orig)->flags) & (FL_UNTRUSTED|FL_TAINT)) { + if ((~RBASIC(obj)->flags & RBASIC(orig)->flags) & FL_TAINT) { if (rb_safe_level() > 0) { rb_raise(rb_eSecurityError, "Insecure: can't modify %"PRIsVALUE, RBASIC(obj)->klass); @@ -1331,7 +1331,6 @@ top_include(int argc, VALUE *argv, VALUE self) { rb_thread_t *th = GET_THREAD(); - rb_secure(4); if (th->top_wrapper) { rb_warning("main.include in the wrapped load is effective only in wrapper module"); return rb_mod_include(argc, argv, th->top_wrapper); diff --git a/ext/curses/curses.c b/ext/curses/curses.c index 113b2bf5a9..49704cbe4e 100644 --- a/ext/curses/curses.c +++ b/ext/curses/curses.c @@ -145,7 +145,6 @@ prep_window(VALUE class, WINDOW *window) static VALUE curses_init_screen(void) { - rb_secure(4); if (rb_stdscr) return rb_stdscr; initscr(); if (stdscr == 0) { @@ -1491,7 +1490,6 @@ window_initialize(VALUE obj, VALUE h, VALUE w, VALUE top, VALUE left) struct windata *winp; WINDOW *window; - rb_secure(4); curses_init_screen(); TypedData_Get_Struct(obj, struct windata, &windata_type, winp); if (winp->window) delwin(winp->window); @@ -2511,7 +2509,6 @@ pad_initialize(VALUE obj, VALUE h, VALUE w) struct windata *padp; WINDOW *window; - rb_secure(4); curses_init_screen(); TypedData_Get_Struct(obj, struct windata, &windata_type, padp); if (padp->window) delwin(padp->window); diff --git a/ext/dbm/dbm.c b/ext/dbm/dbm.c index 27ade017e1..157cada14b 100644 --- a/ext/dbm/dbm.c +++ b/ext/dbm/dbm.c @@ -392,7 +392,6 @@ fdbm_values_at(int argc, VALUE *argv, VALUE obj) static void fdbm_modify(VALUE obj) { - rb_secure(4); if (OBJ_FROZEN(obj)) rb_error_frozen("DBM"); } diff --git a/ext/dl/cfunc.c b/ext/dl/cfunc.c index b68129f8ed..70be45624e 100644 --- a/ext/dl/cfunc.c +++ b/ext/dl/cfunc.c @@ -86,7 +86,6 @@ rb_dlcfunc_new(void (*func)(), int type, const char *name, ID calltype) VALUE val; struct cfunc_data *data; - rb_secure(4); if( func ){ val = TypedData_Make_Struct(rb_cDLCFunc, struct cfunc_data, &dlcfunc_data_type, data); data->ptr = (void *)(VALUE)func; @@ -346,8 +345,6 @@ rb_dlcfunc_call(VALUE self, VALUE ary) DLSTACK_TYPE stack[DLSTACK_SIZE]; VALUE result = Qnil; - rb_secure_update(self); - memset(stack, 0, sizeof(DLSTACK_TYPE) * DLSTACK_SIZE); Check_Type(ary, T_ARRAY); diff --git a/ext/dl/cptr.c b/ext/dl/cptr.c index 636099d1fd..9e59139fc9 100644 --- a/ext/dl/cptr.c +++ b/ext/dl/cptr.c @@ -69,7 +69,6 @@ rb_dlptr_new2(VALUE klass, void *ptr, long size, freefunc_t func) struct ptr_data *data; VALUE val; - rb_secure(4); val = TypedData_Make_Struct(klass, struct ptr_data, &dlptr_data_type, data); data->ptr = ptr; data->free = func; @@ -90,7 +89,6 @@ rb_dlptr_malloc(long size, freefunc_t func) { void *ptr; - rb_secure(4); ptr = ruby_xmalloc((size_t)size); memset(ptr,0,(size_t)size); return rb_dlptr_new(ptr, size, func); @@ -122,7 +120,6 @@ rb_dlptr_s_allocate(VALUE klass) VALUE obj; struct ptr_data *data; - rb_secure(4); obj = TypedData_Make_Struct(klass, struct ptr_data, &dlptr_data_type, data); data->ptr = 0; data->size = 0; diff --git a/ext/dl/dl.c b/ext/dl/dl.c index 691eecde35..23f5d7fe6e 100644 --- a/ext/dl/dl.c +++ b/ext/dl/dl.c @@ -81,7 +81,6 @@ rb_dl_malloc(VALUE self, VALUE size) { void *ptr; - rb_secure(4); ptr = (void*)ruby_xmalloc(NUM2INT(size)); return PTR2NUM(ptr); } @@ -98,7 +97,6 @@ rb_dl_realloc(VALUE self, VALUE addr, VALUE size) { void *ptr = NUM2PTR(addr); - rb_secure(4); ptr = (void*)ruby_xrealloc(ptr, NUM2INT(size)); return PTR2NUM(ptr); } @@ -113,7 +111,6 @@ rb_dl_free(VALUE self, VALUE addr) { void *ptr = NUM2PTR(addr); - rb_secure(4); ruby_xfree(ptr); return Qnil; } @@ -137,7 +134,6 @@ rb_dl_free(VALUE self, VALUE addr) VALUE rb_dl_ptr2value(VALUE self, VALUE addr) { - rb_secure(4); return (VALUE)NUM2PTR(addr); } diff --git a/ext/etc/etc.c b/ext/etc/etc.c index c1cfead947..74a1fedbeb 100644 --- a/ext/etc/etc.c +++ b/ext/etc/etc.c @@ -60,7 +60,6 @@ etc_getlogin(VALUE obj) { char *login; - rb_secure(4); #ifdef HAVE_GETLOGIN login = getlogin(); if (!login) login = getenv("USER"); @@ -147,7 +146,6 @@ etc_getpwuid(int argc, VALUE *argv, VALUE obj) rb_uid_t uid; struct passwd *pwd; - rb_secure(4); if (rb_scan_args(argc, argv, "01", &id) == 1) { uid = NUM2UIDT(id); } @@ -251,7 +249,6 @@ etc_passwd(VALUE obj) #ifdef HAVE_GETPWENT struct passwd *pw; - rb_secure(4); if (rb_block_given_p()) { each_passwd(); } @@ -391,7 +388,6 @@ etc_getgrgid(int argc, VALUE *argv, VALUE obj) gid_t gid; struct group *grp; - rb_secure(4); if (rb_scan_args(argc, argv, "01", &id) == 1) { gid = NUM2GIDT(id); } @@ -428,7 +424,6 @@ etc_getgrnam(VALUE obj, VALUE nam) #ifdef HAVE_GETGRENT struct group *grp; - rb_secure(4); SafeStringValue(nam); grp = getgrnam(RSTRING_PTR(nam)); if (grp == 0) rb_raise(rb_eArgError, "can't find group for %s", RSTRING_PTR(nam)); @@ -494,7 +489,6 @@ etc_group(VALUE obj) #ifdef HAVE_GETGRENT struct group *grp; - rb_secure(4); if (rb_block_given_p()) { each_group(); } @@ -624,7 +618,7 @@ etc_systmpdir(void) #else tmpdir = rb_filesystem_str_new_cstr("/tmp"); #endif - FL_UNSET(tmpdir, FL_TAINT|FL_UNTRUSTED); + FL_UNSET(tmpdir, FL_TAINT); return tmpdir; } diff --git a/ext/fiddle/fiddle.c b/ext/fiddle/fiddle.c index 803a5a9fc0..7a7c708245 100644 --- a/ext/fiddle/fiddle.c +++ b/ext/fiddle/fiddle.c @@ -48,7 +48,6 @@ rb_fiddle_malloc(VALUE self, VALUE size) { void *ptr; - rb_secure(4); ptr = (void*)ruby_xmalloc(NUM2INT(size)); return PTR2NUM(ptr); } @@ -65,7 +64,6 @@ rb_fiddle_realloc(VALUE self, VALUE addr, VALUE size) { void *ptr = NUM2PTR(addr); - rb_secure(4); ptr = (void*)ruby_xrealloc(ptr, NUM2INT(size)); return PTR2NUM(ptr); } @@ -80,7 +78,6 @@ rb_fiddle_free(VALUE self, VALUE addr) { void *ptr = NUM2PTR(addr); - rb_secure(4); ruby_xfree(ptr); return Qnil; } @@ -104,7 +101,6 @@ rb_fiddle_free(VALUE self, VALUE addr) VALUE rb_fiddle_ptr2value(VALUE self, VALUE addr) { - rb_secure(4); return (VALUE)NUM2PTR(addr); } diff --git a/ext/fiddle/pointer.c b/ext/fiddle/pointer.c index fb9b31012f..4f4842fc33 100644 --- a/ext/fiddle/pointer.c +++ b/ext/fiddle/pointer.c @@ -76,7 +76,6 @@ rb_fiddle_ptr_new2(VALUE klass, void *ptr, long size, freefunc_t func) struct ptr_data *data; VALUE val; - rb_secure(4); val = TypedData_Make_Struct(klass, struct ptr_data, &fiddle_ptr_data_type, data); data->ptr = ptr; data->free = func; @@ -97,7 +96,6 @@ rb_fiddle_ptr_malloc(long size, freefunc_t func) { void *ptr; - rb_secure(4); ptr = ruby_xmalloc((size_t)size); memset(ptr,0,(size_t)size); return rb_fiddle_ptr_new(ptr, size, func); @@ -129,7 +127,6 @@ rb_fiddle_ptr_s_allocate(VALUE klass) VALUE obj; struct ptr_data *data; - rb_secure(4); obj = TypedData_Make_Struct(klass, struct ptr_data, &fiddle_ptr_data_type, data); data->ptr = 0; data->size = 0; diff --git a/ext/gdbm/gdbm.c b/ext/gdbm/gdbm.c index 45ed9594a7..ff0a6524bf 100644 --- a/ext/gdbm/gdbm.c +++ b/ext/gdbm/gdbm.c @@ -506,7 +506,6 @@ fgdbm_values_at(int argc, VALUE *argv, VALUE obj) static void rb_gdbm_modify(VALUE obj) { - rb_secure(4); if (OBJ_FROZEN(obj)) rb_error_frozen("GDBM"); } diff --git a/ext/readline/readline.c b/ext/readline/readline.c index 388f5e4bf6..0af87228bd 100644 --- a/ext/readline/readline.c +++ b/ext/readline/readline.c @@ -382,7 +382,6 @@ readline_readline(int argc, VALUE *argv, VALUE self) char *buff; int status; - rb_secure(4); if (rb_scan_args(argc, argv, "02", &tmp, &add_hist) > 0) { OutputStringValue(tmp); #if USE_INSERT_IGNORE_ESCAPE @@ -454,7 +453,6 @@ readline_s_set_input(VALUE self, VALUE input) { rb_io_t *ifp; - rb_secure(4); Check_Type(input, T_FILE); GetOpenFile(input, ifp); rl_instream = rb_io_stdio_file(ifp); @@ -478,7 +476,6 @@ readline_s_set_output(VALUE self, VALUE output) { rb_io_t *ofp; - rb_secure(4); Check_Type(output, T_FILE); GetOpenFile(output, ofp); rl_outstream = rb_io_stdio_file(ofp); @@ -503,7 +500,6 @@ readline_s_set_output(VALUE self, VALUE output) static VALUE readline_s_set_pre_input_hook(VALUE self, VALUE proc) { - rb_secure(4); if (!NIL_P(proc) && !rb_respond_to(proc, rb_intern("call"))) rb_raise(rb_eArgError, "argument must respond to `call'"); return rb_ivar_set(mReadline, id_pre_input_hook, proc); @@ -522,7 +518,6 @@ readline_s_set_pre_input_hook(VALUE self, VALUE proc) static VALUE readline_s_get_pre_input_hook(VALUE self) { - rb_secure(4); return rb_attr_get(mReadline, id_pre_input_hook); } @@ -555,7 +550,6 @@ readline_pre_input_hook(void) static VALUE readline_s_insert_text(VALUE self, VALUE str) { - rb_secure(4); OutputStringValue(str); rl_insert_text(RSTRING_PTR(str)); return self; @@ -579,7 +573,6 @@ readline_s_insert_text(VALUE self, VALUE str) static VALUE readline_s_redisplay(VALUE self) { - rb_secure(4); rl_redisplay(); return self; } @@ -660,7 +653,6 @@ readline_s_redisplay(VALUE self) static VALUE readline_s_set_completion_proc(VALUE self, VALUE proc) { - rb_secure(4); if (!NIL_P(proc) && !rb_respond_to(proc, rb_intern("call"))) rb_raise(rb_eArgError, "argument must respond to `call'"); return rb_ivar_set(mReadline, completion_proc, proc); @@ -677,7 +669,6 @@ readline_s_set_completion_proc(VALUE self, VALUE proc) static VALUE readline_s_get_completion_proc(VALUE self) { - rb_secure(4); return rb_attr_get(mReadline, completion_proc); } @@ -692,7 +683,6 @@ readline_s_get_completion_proc(VALUE self) static VALUE readline_s_set_completion_case_fold(VALUE self, VALUE val) { - rb_secure(4); return rb_ivar_set(mReadline, completion_case_fold, val); } @@ -715,7 +705,6 @@ readline_s_set_completion_case_fold(VALUE self, VALUE val) static VALUE readline_s_get_completion_case_fold(VALUE self) { - rb_secure(4); return rb_attr_get(mReadline, completion_case_fold); } @@ -734,7 +723,6 @@ readline_s_get_completion_case_fold(VALUE self) static VALUE readline_s_get_line_buffer(VALUE self) { - rb_secure(4); if (rl_line_buffer == NULL) return Qnil; return rb_locale_str_new_cstr(rl_line_buffer); @@ -760,7 +748,6 @@ readline_s_get_line_buffer(VALUE self) static VALUE readline_s_get_point(VALUE self) { - rb_secure(4); return INT2NUM(rl_point); } #else @@ -857,7 +844,6 @@ readline_attempted_completion_function(const char *text, int start, int end) static VALUE readline_s_set_screen_size(VALUE self, VALUE rows, VALUE columns) { - rb_secure(4); rl_set_screen_size(NUM2INT(rows), NUM2INT(columns)); return self; } @@ -884,7 +870,6 @@ readline_s_get_screen_size(VALUE self) int rows, columns; VALUE res; - rb_secure(4); rl_get_screen_size(&rows, &columns); res = rb_ary_new(); rb_ary_push(res, INT2NUM(rows)); @@ -910,7 +895,6 @@ readline_s_get_screen_size(VALUE self) static VALUE readline_s_vi_editing_mode(VALUE self) { - rb_secure(4); rl_vi_editing_mode(1,0); return Qnil; } @@ -932,7 +916,6 @@ readline_s_vi_editing_mode(VALUE self) static VALUE readline_s_vi_editing_mode_p(VALUE self) { - rb_secure(4); return rl_editing_mode == 0 ? Qtrue : Qfalse; } #else @@ -954,7 +937,6 @@ readline_s_vi_editing_mode_p(VALUE self) static VALUE readline_s_emacs_editing_mode(VALUE self) { - rb_secure(4); rl_emacs_editing_mode(1,0); return Qnil; } @@ -976,7 +958,6 @@ readline_s_emacs_editing_mode(VALUE self) static VALUE readline_s_emacs_editing_mode_p(VALUE self) { - rb_secure(4); return rl_editing_mode == 1 ? Qtrue : Qfalse; } #else @@ -1025,7 +1006,6 @@ readline_s_emacs_editing_mode_p(VALUE self) static VALUE readline_s_set_completion_append_character(VALUE self, VALUE str) { - rb_secure(4); if (NIL_P(str)) { rl_completion_append_character = '\0'; } @@ -1060,7 +1040,6 @@ readline_s_get_completion_append_character(VALUE self) { char buf[1]; - rb_secure(4); if (rl_completion_append_character == '\0') return Qnil; @@ -1089,7 +1068,6 @@ readline_s_set_basic_word_break_characters(VALUE self, VALUE str) { static char *basic_word_break_characters = NULL; - rb_secure(4); OutputStringValue(str); if (basic_word_break_characters == NULL) { basic_word_break_characters = @@ -1123,7 +1101,6 @@ readline_s_set_basic_word_break_characters(VALUE self, VALUE str) static VALUE readline_s_get_basic_word_break_characters(VALUE self, VALUE str) { - rb_secure(4); if (rl_basic_word_break_characters == NULL) return Qnil; return rb_locale_str_new_cstr(rl_basic_word_break_characters); @@ -1150,7 +1127,6 @@ readline_s_set_completer_word_break_characters(VALUE self, VALUE str) { static char *completer_word_break_characters = NULL; - rb_secure(4); OutputStringValue(str); if (completer_word_break_characters == NULL) { completer_word_break_characters = @@ -1184,7 +1160,6 @@ readline_s_set_completer_word_break_characters(VALUE self, VALUE str) static VALUE readline_s_get_completer_word_break_characters(VALUE self, VALUE str) { - rb_secure(4); if (rl_completer_word_break_characters == NULL) return Qnil; return rb_locale_str_new_cstr(rl_completer_word_break_characters); @@ -1213,7 +1188,6 @@ readline_s_get_completer_word_break_characters(VALUE self, VALUE str) static VALUE readline_s_set_special_prefixes(VALUE self, VALUE str) { - rb_secure(4); if (!NIL_P(str)) { OutputStringValue(str); str = rb_str_dup_frozen(str); @@ -1247,7 +1221,6 @@ static VALUE readline_s_get_special_prefixes(VALUE self) { VALUE str; - rb_secure(4); if (rl_special_prefixes == NULL) return Qnil; str = rb_ivar_get(mReadline, id_special_prefixes); if (!NIL_P(str)) { @@ -1277,7 +1250,6 @@ readline_s_set_basic_quote_characters(VALUE self, VALUE str) { static char *basic_quote_characters = NULL; - rb_secure(4); OutputStringValue(str); if (basic_quote_characters == NULL) { basic_quote_characters = @@ -1311,7 +1283,6 @@ readline_s_set_basic_quote_characters(VALUE self, VALUE str) static VALUE readline_s_get_basic_quote_characters(VALUE self, VALUE str) { - rb_secure(4); if (rl_basic_quote_characters == NULL) return Qnil; return rb_locale_str_new_cstr(rl_basic_quote_characters); @@ -1339,7 +1310,6 @@ readline_s_set_completer_quote_characters(VALUE self, VALUE str) { static char *completer_quote_characters = NULL; - rb_secure(4); OutputStringValue(str); if (completer_quote_characters == NULL) { completer_quote_characters = @@ -1373,7 +1343,6 @@ readline_s_set_completer_quote_characters(VALUE self, VALUE str) static VALUE readline_s_get_completer_quote_characters(VALUE self, VALUE str) { - rb_secure(4); if (rl_completer_quote_characters == NULL) return Qnil; return rb_locale_str_new_cstr(rl_completer_quote_characters); @@ -1399,7 +1368,6 @@ readline_s_set_filename_quote_characters(VALUE self, VALUE str) { static char *filename_quote_characters = NULL; - rb_secure(4); OutputStringValue(str); if (filename_quote_characters == NULL) { filename_quote_characters = @@ -1433,7 +1401,6 @@ readline_s_set_filename_quote_characters(VALUE self, VALUE str) static VALUE readline_s_get_filename_quote_characters(VALUE self, VALUE str) { - rb_secure(4); if (rl_filename_quote_characters == NULL) return Qnil; return rb_locale_str_new_cstr(rl_filename_quote_characters); @@ -1454,7 +1421,6 @@ readline_s_get_filename_quote_characters(VALUE self, VALUE str) static VALUE readline_s_refresh_line(VALUE self) { - rb_secure(4); rl_refresh_line(0, 0); return Qnil; } @@ -1486,7 +1452,6 @@ hist_get(VALUE self, VALUE index) HIST_ENTRY *entry = NULL; int i; - rb_secure(4); i = NUM2INT(index); if (i < 0) { i += history_length; @@ -1507,7 +1472,6 @@ hist_set(VALUE self, VALUE index, VALUE str) HIST_ENTRY *entry = NULL; int i; - rb_secure(4); i = NUM2INT(index); OutputStringValue(str); if (i < 0) { @@ -1528,7 +1492,6 @@ hist_set(VALUE self, VALUE index, VALUE str) static VALUE hist_push(VALUE self, VALUE str) { - rb_secure(4); OutputStringValue(str); add_history(RSTRING_PTR(str)); return self; @@ -1539,7 +1502,6 @@ hist_push_method(int argc, VALUE *argv, VALUE self) { VALUE str; - rb_secure(4); while (argc--) { str = *argv++; OutputStringValue(str); @@ -1555,7 +1517,6 @@ rb_remove_history(int index) HIST_ENTRY *entry; VALUE val; - rb_secure(4); entry = remove_history(index); if (entry) { val = rb_locale_str_new_cstr(entry->line); @@ -1574,7 +1535,6 @@ rb_remove_history(int index) static VALUE hist_pop(VALUE self) { - rb_secure(4); if (history_length > 0) { return rb_remove_history(history_length - 1); } else { @@ -1585,7 +1545,6 @@ hist_pop(VALUE self) static VALUE hist_shift(VALUE self) { - rb_secure(4); if (history_length > 0) { return rb_remove_history(0); } else { @@ -1601,7 +1560,6 @@ hist_each(VALUE self) RETURN_ENUMERATOR(self, 0, 0); - rb_secure(4); for (i = 0; i < history_length; i++) { entry = history_get(history_get_offset_func(i)); if (entry == NULL) @@ -1614,14 +1572,12 @@ hist_each(VALUE self) static VALUE hist_length(VALUE self) { - rb_secure(4); return INT2NUM(history_length); } static VALUE hist_empty_p(VALUE self) { - rb_secure(4); return history_length == 0 ? Qtrue : Qfalse; } @@ -1630,7 +1586,6 @@ hist_delete_at(VALUE self, VALUE index) { int i; - rb_secure(4); i = NUM2INT(index); if (i < 0) i += history_length; @@ -1644,7 +1599,6 @@ hist_delete_at(VALUE self, VALUE index) static VALUE hist_clear(VALUE self) { - rb_secure(4); clear_history(); return self; } diff --git a/ext/sdbm/init.c b/ext/sdbm/init.c index 4eee21573f..78add53e4f 100644 --- a/ext/sdbm/init.c +++ b/ext/sdbm/init.c @@ -396,7 +396,6 @@ fsdbm_values_at(int argc, VALUE *argv, VALUE obj) static void fdbm_modify(VALUE obj) { - rb_secure(4); if (OBJ_FROZEN(obj)) rb_error_frozen("SDBM"); } diff --git a/ext/socket/ancdata.c b/ext/socket/ancdata.c index 7fe965918d..144c2bf162 100644 --- a/ext/socket/ancdata.c +++ b/ext/socket/ancdata.c @@ -1140,7 +1140,6 @@ bsock_sendmsg_internal(int argc, VALUE *argv, VALUE sock, int nonblock) int flags; ssize_t ss; - rb_secure(4); GetOpenFile(sock, fptr); #if defined(HAVE_STRUCT_MSGHDR_MSG_CONTROL) family = rsock_getfamily(fptr->fd); @@ -1504,7 +1503,6 @@ bsock_recvmsg_internal(int argc, VALUE *argv, VALUE sock, int nonblock) int gc_done = 0; #endif - rb_secure(4); rb_scan_args(argc, argv, "03:", &vmaxdatlen, &vflags, &vmaxctllen, &vopts); diff --git a/ext/socket/basicsocket.c b/ext/socket/basicsocket.c index 19dc2f54d8..bce085b632 100644 --- a/ext/socket/basicsocket.c +++ b/ext/socket/basicsocket.c @@ -547,7 +547,6 @@ rsock_bsock_send(int argc, VALUE *argv, VALUE sock) int n; rb_blocking_function_t *func; - rb_secure(4); rb_scan_args(argc, argv, "21", &arg.mesg, &flags, &to); StringValue(arg.mesg); @@ -613,7 +612,6 @@ bsock_do_not_reverse_lookup_set(VALUE sock, VALUE state) { rb_io_t *fptr; - rb_secure(4); GetOpenFile(sock, fptr); if (RTEST(state)) { fptr->mode |= FMODE_NOREVLOOKUP; @@ -733,7 +731,6 @@ bsock_do_not_rev_lookup(void) static VALUE bsock_do_not_rev_lookup_set(VALUE self, VALUE val) { - rb_secure(4); rsock_do_not_reverse_lookup = RTEST(val); return val; } diff --git a/ext/socket/socket.c b/ext/socket/socket.c index 8c5ffed836..cbde0ede96 100644 --- a/ext/socket/socket.c +++ b/ext/socket/socket.c @@ -629,7 +629,6 @@ rsock_sock_listen(VALUE sock, VALUE log) rb_io_t *fptr; int backlog; - rb_secure(4); backlog = NUM2INT(log); GetOpenFile(sock, fptr); if (listen(fptr->fd, backlog) < 0) diff --git a/ext/socket/udpsocket.c b/ext/socket/udpsocket.c index 4ea9db6583..de334fcbe4 100644 --- a/ext/socket/udpsocket.c +++ b/ext/socket/udpsocket.c @@ -166,7 +166,6 @@ udp_send(int argc, VALUE *argv, VALUE sock) if (argc == 2 || argc == 3) { return rsock_bsock_send(argc, argv, sock); } - rb_secure(4); rb_scan_args(argc, argv, "4", &arg.mesg, &flags, &host, &port); StringValue(arg.mesg); diff --git a/ext/stringio/stringio.c b/ext/stringio/stringio.c index bdc46af21d..d15db8b076 100644 --- a/ext/stringio/stringio.c +++ b/ext/stringio/stringio.c @@ -136,7 +136,6 @@ writable(VALUE strio) rb_raise(rb_eIOError, "not opened for writing"); } if (!OBJ_TAINTED(ptr->string)) { - rb_secure(4); } return ptr; } diff --git a/ext/syslog/syslog.c b/ext/syslog/syslog.c index 347fd4bf62..17c5ef8969 100644 --- a/ext/syslog/syslog.c +++ b/ext/syslog/syslog.c @@ -37,7 +37,6 @@ static void syslog_write(int pri, int argc, VALUE *argv) { VALUE str; - rb_secure(4); if (argc < 1) { rb_raise(rb_eArgError, "no log message supplied"); } @@ -56,7 +55,6 @@ static void syslog_write(int pri, int argc, VALUE *argv) */ static VALUE mSyslog_close(VALUE self) { - rb_secure(4); if (!syslog_opened) { rb_raise(rb_eRuntimeError, "syslog not opened"); } @@ -263,7 +261,6 @@ static VALUE mSyslog_get_mask(VALUE self) */ static VALUE mSyslog_set_mask(VALUE self, VALUE mask) { - rb_secure(4); if (!syslog_opened) { rb_raise(rb_eRuntimeError, "must open syslog before setting log mask"); } diff --git a/ext/tk/tcltklib.c b/ext/tk/tcltklib.c index a8cc1222b6..d269f9c43e 100644 --- a/ext/tk/tcltklib.c +++ b/ext/tk/tcltklib.c @@ -1668,7 +1668,6 @@ set_eventloop_window_mode(self, mode) VALUE self; VALUE mode; { - rb_secure(4); if (RTEST(mode)) { window_event_mode = ~0; @@ -1698,7 +1697,6 @@ set_eventloop_tick(self, tick) int ttick = NUM2INT(tick); int thr_crit_bup; - rb_secure(4); if (ttick < 0) { rb_raise(rb_eArgError, @@ -1765,7 +1763,6 @@ set_no_event_wait(self, wait) { int t_wait = NUM2INT(wait); - rb_secure(4); if (t_wait <= 0) { rb_raise(rb_eArgError, @@ -1819,7 +1816,6 @@ set_eventloop_weight(self, loop_max, no_event) int lpmax = NUM2INT(loop_max); int no_ev = NUM2INT(no_event); - rb_secure(4); if (lpmax <= 0 || no_ev <= 0) { rb_raise(rb_eArgError, "weight parameters must be positive numbers"); @@ -1938,7 +1934,6 @@ static VALUE lib_evloop_abort_on_exc_set(self, val) VALUE self, val; { - rb_secure(4); if (RTEST(val)) { event_loop_abort_on_exc = 1; } else if (NIL_P(val)) { @@ -1955,7 +1950,6 @@ ip_evloop_abort_on_exc_set(self, val) { struct tcltkip *ptr = get_ip(self); - rb_secure(4); /* ip is deleted? */ if (deleted_ip(ptr)) { @@ -6403,7 +6397,6 @@ ip_create_slave_core(interp, argc, argv) safe = 1; } else if (safemode == Qfalse || NIL_P(safemode)) { safe = 0; - /* rb_secure(4); */ /* already checked */ } else { safe = 1; } @@ -6510,7 +6503,6 @@ ip_create_slave(argc, argv, self) } if (Tcl_IsSafe(master->ip) != 1 && (safemode == Qfalse || NIL_P(safemode))) { - rb_secure(4); } StringValue(name); @@ -6717,7 +6709,6 @@ ip_allow_ruby_exit_set(self, val) struct tcltkip *ptr = get_ip(self); Tk_Window mainWin; - rb_secure(4); /* ip is deleted? */ if (deleted_ip(ptr)) { @@ -7821,7 +7812,6 @@ lib_restart_core(interp, argc, argv) struct tcltkip *ptr = get_ip(interp); int thr_crit_bup; - /* rb_secure(4); */ /* already checked */ /* tcl_stubs_check(); */ /* already checked */ @@ -7879,7 +7869,6 @@ lib_restart(self) { struct tcltkip *ptr = get_ip(self); - rb_secure(4); tcl_stubs_check(); @@ -7898,7 +7887,6 @@ ip_restart(self) { struct tcltkip *ptr = get_ip(self); - rb_secure(4); tcl_stubs_check(); @@ -9257,7 +9245,6 @@ ip_invoke_immediate(argc, argv, obj) VALUE obj; { /* POTENTIALY INSECURE : can create infinite loop */ - rb_secure(4); return ip_invoke_with_position(argc, argv, obj, TCL_QUEUE_HEAD); } @@ -10061,7 +10048,6 @@ create_dummy_encoding_for_tk_core(interp, name, error_mode) { get_ip(interp); - rb_secure(4); StringValue(name); @@ -10519,7 +10505,6 @@ create_encoding_table_core(arg, interp) Tcl_Obj **objv; Tcl_Obj *enc_list; - rb_secure(4); /* set 'binary' encoding */ rb_hash_aset(table, ENCODING_NAME_BINARY, ENCODING_NAME_BINARY); @@ -10555,7 +10540,6 @@ create_encoding_table_core(arg, interp) VALUE interp; { volatile VALUE table = rb_hash_new(); - rb_secure(4); rb_ivar_set(interp, ID_encoding_table, table); return table; } diff --git a/ext/win32ole/win32ole.c b/ext/win32ole/win32ole.c index 8c243f83c1..e353d78d05 100644 --- a/ext/win32ole/win32ole.c +++ b/ext/win32ole/win32ole.c @@ -2725,7 +2725,6 @@ fole_s_connect(int argc, VALUE *argv, VALUE self) void *p; IUnknown *pUnknown; - rb_secure(4); /* initialize to use OLE */ ole_initialize(); @@ -2809,7 +2808,6 @@ fole_s_const_load(int argc, VALUE *argv, VALUE self) VALUE file; LCID lcid = cWIN32OLE_lcid; - rb_secure(4); rb_scan_args(argc, argv, "11", &ole, &klass); if (TYPE(klass) != T_CLASS && TYPE(klass) != T_MODULE && @@ -2872,7 +2870,6 @@ ole_types_from_typelib(ITypeLib *pTypeLib, VALUE classes) ITypeInfo *pTypeInfo; VALUE type; - rb_secure(4); count = pTypeLib->lpVtbl->GetTypeInfoCount(pTypeLib); for (i = 0; i < count; i++) { hr = pTypeLib->lpVtbl->GetDocumentation(pTypeLib, i, @@ -3236,7 +3233,6 @@ fole_initialize(int argc, VALUE *argv, VALUE self) OLECHAR *pBuf; IDispatch *pDispatch; void *p; - rb_secure(4); rb_call_super(0, 0); rb_scan_args(argc, argv, "11*", &svr_name, &host, &others); @@ -3964,7 +3960,6 @@ static VALUE fole_free(VALUE self) { struct oledata *pole; - rb_secure(4); OLEData_Get_Struct(self, pole); OLE_FREE(pole->pDispatch); pole->pDispatch = NULL; @@ -4527,7 +4522,6 @@ fole_respond_to(VALUE self, VALUE method) BSTR wcmdname; DISPID DispID; HRESULT hr; - rb_secure(4); if(TYPE(method) != T_STRING && TYPE(method) != T_SYMBOL) { rb_raise(rb_eTypeError, "wrong argument type (expected String or Symbol)"); } @@ -8299,7 +8293,6 @@ ev_advise(int argc, VALUE *argv, VALUE self) struct oleeventdata *poleev; void *p; - rb_secure(4); rb_scan_args(argc, argv, "11", &ole, &itf); if (!rb_obj_is_kind_of(ole, cWIN32OLE)) { @@ -8507,7 +8500,6 @@ fev_off_event(int argc, VALUE *argv, VALUE self) VALUE event = Qnil; VALUE events; - rb_secure(4); rb_scan_args(argc, argv, "01", &event); if(!NIL_P(event)) { if(TYPE(event) != T_STRING && TYPE(event) != T_SYMBOL) { @@ -249,7 +249,6 @@ apply2files(void (*func)(const char *, VALUE, void *), VALUE vargs, void *arg) long i; volatile VALUE path; - rb_secure(4); for (i=0; i<RARRAY_LEN(vargs); i++) { const char *s; path = rb_get_path(RARRAY_AREF(vargs, i)); @@ -915,7 +914,6 @@ rb_file_s_stat(VALUE klass, VALUE fname) { struct stat st; - rb_secure(4); FilePathValue(fname); if (rb_stat(fname, &st) < 0) { rb_sys_fail_path(fname); @@ -5376,7 +5374,7 @@ rb_find_file_ext_safe(VALUE *filep, const char *const *ext, int safe_level) *filep = copy_path_class(tmp, *filep); return (int)(j+1); } - FL_UNSET(tmp, FL_TAINT | FL_UNTRUSTED); + FL_UNSET(tmp, FL_TAINT); } rb_str_set_len(fname, fnlen); } @@ -899,7 +899,7 @@ newobj_of(VALUE klass, VALUE flags, VALUE v1, VALUE v2, VALUE v3) /* OBJSETUP */ RBASIC(obj)->flags = flags; RBASIC_SET_CLASS(obj, klass); - if (rb_safe_level() >= 3) FL_SET((obj), FL_TAINT | FL_UNTRUSTED); + if (rb_safe_level() >= 3) FL_SET((obj), FL_TAINT); RANY(obj)->as.values.v1 = v1; RANY(obj)->as.values.v2 = v2; RANY(obj)->as.values.v3 = v3; @@ -1485,7 +1485,6 @@ os_each_obj(int argc, VALUE *argv, VALUE os) { VALUE of; - rb_secure(4); if (argc == 0) { of = 0; } @@ -1879,7 +1878,6 @@ id2ref(VALUE obj, VALUE objid) VALUE ptr; void *p0; - rb_secure(4); ptr = NUM2PTR(objid); p0 = (void *)ptr; @@ -267,7 +267,7 @@ rb_hash_dup(VALUE hash) { NEWOBJ_OF(ret, struct RHash, rb_obj_class(hash), - (RBASIC(hash)->flags)&(T_MASK|FL_EXIVAR|FL_TAINT|FL_UNTRUSTED)); + (RBASIC(hash)->flags)&(T_MASK|FL_EXIVAR|FL_TAINT)); if (FL_TEST((hash), FL_EXIVAR)) rb_copy_generic_ivar((VALUE)(ret),(VALUE)(hash)); @@ -284,8 +284,6 @@ static void rb_hash_modify_check(VALUE hash) { rb_check_frozen(hash); - if (!OBJ_UNTRUSTED(hash) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't modify hash"); } static struct st_table * @@ -2263,7 +2261,6 @@ env_delete(VALUE obj, VALUE name) { char *nam, *val; - rb_secure(4); SafeStringValue(name); nam = RSTRING_PTR(name); if (memchr(nam, '\0', RSTRING_LEN(name))) { @@ -2315,7 +2312,6 @@ rb_f_getenv(VALUE obj, VALUE name) { char *nam, *env; - rb_secure(4); SafeStringValue(name); nam = RSTRING_PTR(name); if (memchr(nam, '\0', RSTRING_LEN(name))) { @@ -2359,7 +2355,6 @@ env_fetch(int argc, VALUE *argv) long block_given; char *nam, *env; - rb_secure(4); rb_scan_args(argc, argv, "11", &key, &if_none); block_given = rb_block_given_p(); if (block_given && argc == 2) { @@ -2629,7 +2624,6 @@ env_keys(void) char **env; VALUE ary; - rb_secure(4); ary = rb_ary_new(); env = GET_ENVIRON(environ); while (*env) { @@ -2649,8 +2643,6 @@ rb_env_size(VALUE ehash) char **env; long cnt = 0; - rb_secure(4); - env = GET_ENVIRON(environ); for (; *env ; ++env) { if (strchr(*env, '=')) { @@ -2677,7 +2669,7 @@ env_each_key(VALUE ehash) long i; RETURN_SIZED_ENUMERATOR(ehash, 0, 0, rb_env_size); - keys = env_keys(); /* rb_secure(4); */ + keys = env_keys(); for (i=0; i<RARRAY_LEN(keys); i++) { rb_yield(RARRAY_AREF(keys, i)); } @@ -2696,7 +2688,6 @@ env_values(void) VALUE ary; char **env; - rb_secure(4); ary = rb_ary_new(); env = GET_ENVIRON(environ); while (*env) { @@ -2726,7 +2717,7 @@ env_each_value(VALUE ehash) long i; RETURN_SIZED_ENUMERATOR(ehash, 0, 0, rb_env_size); - values = env_values(); /* rb_secure(4); */ + values = env_values(); for (i=0; i<RARRAY_LEN(values); i++) { rb_yield(RARRAY_AREF(values, i)); } @@ -2753,7 +2744,6 @@ env_each_pair(VALUE ehash) RETURN_SIZED_ENUMERATOR(ehash, 0, 0, rb_env_size); - rb_secure(4); ary = rb_ary_new(); env = GET_ENVIRON(environ); while (*env) { @@ -2789,7 +2779,7 @@ env_reject_bang(VALUE ehash) int del = 0; RETURN_SIZED_ENUMERATOR(ehash, 0, 0, rb_env_size); - keys = env_keys(); /* rb_secure(4); */ + keys = env_keys(); RBASIC_CLEAR_CLASS(keys); for (i=0; i<RARRAY_LEN(keys); i++) { VALUE val = rb_f_getenv(Qnil, RARRAY_AREF(keys, i)); @@ -2835,7 +2825,6 @@ env_values_at(int argc, VALUE *argv) VALUE result; long i; - rb_secure(4); result = rb_ary_new(); for (i=0; i<argc; i++) { rb_ary_push(result, rb_f_getenv(Qnil, argv[i])); @@ -2859,7 +2848,6 @@ env_select(VALUE ehash) char **env; RETURN_SIZED_ENUMERATOR(ehash, 0, 0, rb_env_size); - rb_secure(4); result = rb_hash_new(); env = GET_ENVIRON(environ); while (*env) { @@ -2893,7 +2881,7 @@ env_select_bang(VALUE ehash) int del = 0; RETURN_SIZED_ENUMERATOR(ehash, 0, 0, rb_env_size); - keys = env_keys(); /* rb_secure(4); */ + keys = env_keys(); RBASIC_CLEAR_CLASS(keys); for (i=0; i<RARRAY_LEN(keys); i++) { VALUE val = rb_f_getenv(Qnil, RARRAY_AREF(keys, i)); @@ -2938,7 +2926,7 @@ rb_env_clear(void) volatile VALUE keys; long i; - keys = env_keys(); /* rb_secure(4); */ + keys = env_keys(); for (i=0; i<RARRAY_LEN(keys); i++) { VALUE val = rb_f_getenv(Qnil, RARRAY_AREF(keys, i)); if (!NIL_P(val)) { @@ -2972,7 +2960,6 @@ env_inspect(void) char **env; VALUE str, i; - rb_secure(4); str = rb_str_buf_new2("{"); env = GET_ENVIRON(environ); while (*env) { @@ -3012,7 +2999,6 @@ env_to_a(void) char **env; VALUE ary; - rb_secure(4); ary = rb_ary_new(); env = GET_ENVIRON(environ); while (*env) { @@ -3053,7 +3039,6 @@ env_size(void) int i; char **env; - rb_secure(4); env = GET_ENVIRON(environ); for (i=0; env[i]; i++) ; @@ -3072,7 +3057,6 @@ env_empty_p(void) { char **env; - rb_secure(4); env = GET_ENVIRON(environ); if (env[0] == 0) { FREE_ENVIRON(environ); @@ -3096,7 +3080,6 @@ env_has_key(VALUE env, VALUE key) { char *s; - rb_secure(4); s = StringValuePtr(key); if (memchr(s, '\0', RSTRING_LEN(key))) rb_raise(rb_eArgError, "bad environment variable name"); @@ -3116,7 +3099,6 @@ env_assoc(VALUE env, VALUE key) { char *s, *e; - rb_secure(4); s = StringValuePtr(key); if (memchr(s, '\0', RSTRING_LEN(key))) rb_raise(rb_eArgError, "bad environment variable name"); @@ -3137,7 +3119,6 @@ env_has_value(VALUE dmy, VALUE obj) { char **env; - rb_secure(4); obj = rb_check_string_type(obj); if (NIL_P(obj)) return Qnil; env = GET_ENVIRON(environ); @@ -3168,7 +3149,6 @@ env_rassoc(VALUE dmy, VALUE obj) { char **env; - rb_secure(4); obj = rb_check_string_type(obj); if (NIL_P(obj)) return Qnil; env = GET_ENVIRON(environ); @@ -3201,7 +3181,6 @@ env_key(VALUE dmy, VALUE value) char **env; VALUE str; - rb_secure(4); StringValue(value); env = GET_ENVIRON(environ); while (*env) { @@ -3247,7 +3226,6 @@ env_to_hash(void) char **env; VALUE hash; - rb_secure(4); hash = rb_hash_new(); env = GET_ENVIRON(environ); while (*env) { @@ -3288,7 +3266,6 @@ env_shift(void) { char **env; - rb_secure(4); env = GET_ENVIRON(environ); if (*env) { char *s = strchr(*env, '='); @@ -3339,7 +3316,7 @@ env_replace(VALUE env, VALUE hash) volatile VALUE keys; long i; - keys = env_keys(); /* rb_secure(4); */ + keys = env_keys(); if (env == hash) return env; hash = to_hash(hash); rb_hash_foreach(hash, env_replace_i, keys); @@ -3373,7 +3350,6 @@ env_update_i(VALUE key, VALUE val) static VALUE env_update(VALUE env, VALUE hash) { - rb_secure(4); if (env == hash) return env; hash = to_hash(hash); rb_hash_foreach(hash, env_update_i, 0); diff --git a/include/ruby/intern.h b/include/ruby/intern.h index 5d78d0dddc..fb989ef2c7 100644 --- a/include/ruby/intern.h +++ b/include/ruby/intern.h @@ -229,12 +229,7 @@ void rb_check_trusted(VALUE); rb_error_frozen(rb_obj_classname(frozen_obj)); \ } \ } while (0) -#define rb_check_trusted_internal(obj) do { \ - VALUE untrusted_obj = (obj); \ - if (!OBJ_UNTRUSTED(untrusted_obj)) { \ - rb_error_untrusted(untrusted_obj); \ - } \ - } while (0) +#define rb_check_trusted_internal(obj) ((void) 0) #ifdef __GNUC__ #define rb_check_frozen(obj) __extension__({rb_check_frozen_internal(obj);}) #define rb_check_trusted(obj) __extension__({rb_check_trusted_internal(obj);}) diff --git a/include/ruby/ruby.h b/include/ruby/ruby.h index 7ce16ee133..18539e8548 100644 --- a/include/ruby/ruby.h +++ b/include/ruby/ruby.h @@ -678,7 +678,7 @@ VALUE rb_obj_setup(VALUE obj, VALUE klass, VALUE type); if (FL_TEST((obj), FL_EXIVAR)) rb_copy_generic_ivar((VALUE)(clone),(VALUE)(obj));\ } while (0) #define DUPSETUP(dup,obj) do {\ - OBJSETUP((dup),rb_obj_class(obj), (RBASIC(obj)->flags)&(T_MASK|FL_EXIVAR|FL_TAINT|FL_UNTRUSTED)); \ + OBJSETUP((dup),rb_obj_class(obj), (RBASIC(obj)->flags)&(T_MASK|FL_EXIVAR|FL_TAINT)); \ if (FL_TEST((obj), FL_EXIVAR)) rb_copy_generic_ivar((VALUE)(dup),(VALUE)(obj));\ } while (0) @@ -1163,7 +1163,7 @@ struct RBignum { #define FL_OLDGEN (((VALUE)1)<<6) #define FL_FINALIZE (((VALUE)1)<<7) #define FL_TAINT (((VALUE)1)<<8) -#define FL_UNTRUSTED (((VALUE)1)<<9) +#define FL_UNTRUSTED FL_TAINT #define FL_EXIVAR (((VALUE)1)<<10) #define FL_FREEZE (((VALUE)1)<<11) @@ -1203,12 +1203,11 @@ struct RBignum { #define OBJ_TAINTED(x) (!!FL_TEST((x), FL_TAINT)) #define OBJ_TAINT(x) FL_SET((x), FL_TAINT) -#define OBJ_UNTRUSTED(x) (!!FL_TEST((x), FL_UNTRUSTED)) -#define OBJ_UNTRUST(x) FL_SET((x), FL_UNTRUSTED) +#define OBJ_UNTRUSTED(x) OBJ_TAINTED(x) +#define OBJ_UNTRUST(x) OBJ_TAINT(x) #define OBJ_INFECT(x,s) do { \ if (FL_ABLE(x) && FL_ABLE(s)) \ - RBASIC(x)->flags |= RBASIC(s)->flags & \ - (FL_TAINT | FL_UNTRUSTED); \ + RBASIC(x)->flags |= RBASIC(s)->flags & FL_TAINT; \ } while (0) #define OBJ_FROZEN(x) (!!(FL_ABLE(x)?(RBASIC(x)->flags&(FL_FREEZE)):(FIXNUM_P(x)||FLONUM_P(x)))) @@ -597,8 +597,6 @@ rb_eof_error(void) VALUE rb_io_taint_check(VALUE io) { - if (!OBJ_UNTRUSTED(io) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: operation on trusted IO"); rb_check_frozen(io); return io; } @@ -1376,7 +1374,6 @@ io_write(VALUE io, VALUE str, int nosync) long n; VALUE tmp; - rb_secure(4); io = GetWriteIO(io); str = rb_obj_as_string(str); tmp = rb_io_check_io(io); @@ -2610,7 +2607,6 @@ rb_io_write_nonblock(VALUE io, VALUE str) rb_io_t *fptr; long n; - rb_secure(4); if (!RB_TYPE_P(str, T_STRING)) str = rb_obj_as_string(str); @@ -4256,9 +4252,6 @@ rb_io_close(VALUE io) static VALUE rb_io_close_m(VALUE io) { - if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(io)) { - rb_raise(rb_eSecurityError, "Insecure: can't close"); - } rb_io_check_closed(RFILE(io)->fptr); rb_io_close(io); return Qnil; @@ -4339,9 +4332,6 @@ rb_io_close_read(VALUE io) rb_io_t *fptr; VALUE write_io; - if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(io)) { - rb_raise(rb_eSecurityError, "Insecure: can't close"); - } GetOpenFile(io, fptr); if (is_socket(fptr->fd, fptr->pathv)) { #ifndef SHUT_RD @@ -4397,9 +4387,6 @@ rb_io_close_write(VALUE io) rb_io_t *fptr; VALUE write_io; - if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(io)) { - rb_raise(rb_eSecurityError, "Insecure: can't close"); - } write_io = GetWriteIO(io); GetOpenFile(write_io, fptr); if (is_socket(fptr->fd, fptr->pathv)) { @@ -4486,7 +4473,6 @@ rb_io_syswrite(VALUE io, VALUE str) rb_io_t *fptr; long n; - rb_secure(4); if (!RB_TYPE_P(str, T_STRING)) str = rb_obj_as_string(str); @@ -6411,10 +6397,6 @@ io_reopen(VALUE io, VALUE nfile) off_t pos = 0; nfile = rb_io_get_io(nfile); - if (rb_safe_level() >= 4 && - (!OBJ_UNTRUSTED(io) || !OBJ_UNTRUSTED(nfile))) { - rb_raise(rb_eSecurityError, "Insecure: can't reopen"); - } GetOpenFile(io, fptr); GetOpenFile(nfile, orig); @@ -6516,7 +6498,6 @@ rb_io_reopen(int argc, VALUE *argv, VALUE file) int oflags; rb_io_t *fptr; - rb_secure(4); if (rb_scan_args(argc, argv, "11:", &fname, &nmode, &opt) == 1) { VALUE tmp = rb_io_check_io(fname); if (!NIL_P(tmp)) { @@ -7308,7 +7289,6 @@ rb_io_initialize(int argc, VALUE *argv, VALUE io) struct stat st; #endif - rb_secure(4); argc = rb_scan_args(argc, argv, "11:", &fnum, &vmode, &opt); rb_io_extract_modeenc(&vmode, 0, opt, &oflags, &fmode, &convconfig); @@ -7436,7 +7416,6 @@ static VALUE rb_io_autoclose_p(VALUE io) { rb_io_t *fptr; - rb_secure(4); GetOpenFile(io, fptr); return (fptr->mode & FMODE_PREP) ? Qfalse : Qtrue; } @@ -7462,7 +7441,6 @@ static VALUE rb_io_set_autoclose(VALUE io, VALUE autoclose) { rb_io_t *fptr; - rb_secure(4); GetOpenFile(io, fptr); if (!RTEST(autoclose)) fptr->mode |= FMODE_PREP; @@ -243,7 +243,6 @@ rb_iseq_add_mark_object(rb_iseq_t *iseq, VALUE obj) { if (!RTEST(iseq->mark_ary)) { iseq->mark_ary = rb_ary_tmp_new(3); - OBJ_UNTRUST(iseq->mark_ary); RBASIC_CLEAR_CLASS(iseq->mark_ary); } rb_ary_push(iseq->mark_ary, obj); @@ -574,7 +574,6 @@ rb_load_internal(VALUE fname, int wrap) th->errinfo = Qnil; /* ensure */ if (!wrap) { - rb_secure(4); /* should alter global state */ th->top_wrapper = 0; } else { @@ -130,7 +130,7 @@ rb_marshal_define_compat(VALUE newclass, VALUE oldclass, VALUE (*dumper)(VALUE), st_insert(compat_allocator_tbl, (st_data_t)allocator, (st_data_t)compat); } -#define MARSHAL_INFECTION (FL_TAINT|FL_UNTRUSTED) +#define MARSHAL_INFECTION FL_TAINT typedef char ruby_check_marshal_viral_flags[MARSHAL_INFECTION == (int)MARSHAL_INFECTION ? 1 : -1]; struct dump_arg { @@ -1939,7 +1939,7 @@ marshal_load(int argc, VALUE *argv) } else if (rb_respond_to(port, s_getbyte) && rb_respond_to(port, s_read)) { rb_check_funcall(port, s_binmode, 0, 0); - infection = (int)(FL_TAINT | FL_TEST(port, FL_UNTRUSTED)); + infection = (int)FL_TAINT; } else { io_needed(); @@ -72,7 +72,7 @@ rb_obj_setup(VALUE obj, VALUE klass, VALUE type) { RBASIC(obj)->flags = type; RBASIC_SET_CLASS(obj, klass); - if (rb_safe_level() >= 3) FL_SET((obj), FL_TAINT | FL_UNTRUSTED); + if (rb_safe_level() >= 3) FL_SET((obj), FL_TAINT); return obj; } @@ -259,7 +259,7 @@ init_copy(VALUE dest, VALUE obj) rb_raise(rb_eTypeError, "[bug] frozen object (%s) allocated", rb_obj_classname(dest)); } RBASIC(dest)->flags &= ~(T_MASK|FL_EXIVAR); - RBASIC(dest)->flags |= RBASIC(obj)->flags & (T_MASK|FL_EXIVAR|FL_TAINT|FL_UNTRUSTED); + RBASIC(dest)->flags |= RBASIC(obj)->flags & (T_MASK|FL_EXIVAR|FL_TAINT); rb_copy_generic_ivar(dest, obj); rb_gc_copy_finalizer(dest, obj); switch (TYPE(obj)) { @@ -335,7 +335,7 @@ rb_obj_clone(VALUE obj) rb_raise(rb_eTypeError, "can't clone %s", rb_obj_classname(obj)); } clone = rb_obj_alloc(rb_obj_class(obj)); - RBASIC(clone)->flags &= (FL_TAINT|FL_UNTRUSTED); + RBASIC(clone)->flags &= FL_TAINT; RBASIC(clone)->flags |= RBASIC(obj)->flags & ~(FL_OLDGEN|FL_FREEZE|FL_FINALIZE); singleton = rb_singleton_class_clone_and_attach(obj, clone); @@ -907,7 +907,6 @@ rb_obj_tainted(VALUE obj) VALUE rb_obj_taint(VALUE obj) { - rb_secure(4); if (!OBJ_TAINTED(obj)) { rb_check_frozen(obj); OBJ_TAINT(obj); @@ -940,47 +939,28 @@ rb_obj_untaint(VALUE obj) * call-seq: * obj.untrusted? -> true or false * - * Returns true if the object is untrusted. - * - * See #untrust for more information. + * Deprecated method that is equivalent to #tainted?. */ VALUE rb_obj_untrusted(VALUE obj) { - if (OBJ_UNTRUSTED(obj)) - return Qtrue; - return Qfalse; + rb_warning("untrusted? is deprecated and its behavior is same as tainted?"); + return rb_obj_tainted(obj); } /* * call-seq: * obj.untrust -> obj * - * Mark the object as untrusted. - * - * An untrusted object is not allowed to modify any trusted objects. To check - * whether an object is trusted, use #untrusted? - * - * Any object created by untrusted code is marked as both tainted and - * untrusted. See #taint for more information. - * - * You should only trust an untrusted object if your code has inspected it and - * determined that it is safe. To do so use #trust - * - * In $SAFE level 3 and 4, all objects are tainted and untrusted, any use of - * trust or taint methods will raise a SecurityError exception. + * Deprecated method that is equivalent to #taint. */ VALUE rb_obj_untrust(VALUE obj) { - rb_secure(4); - if (!OBJ_UNTRUSTED(obj)) { - rb_check_frozen(obj); - OBJ_UNTRUST(obj); - } - return obj; + rb_warning("untrust is deprecated and its behavior is same as taint"); + return rb_obj_taint(obj); } @@ -988,20 +968,14 @@ rb_obj_untrust(VALUE obj) * call-seq: * obj.trust -> obj * - * Removes the untrusted mark from the object. - * - * See #untrust for more information. + * Deprecated method that is equivalent to #untaint. */ VALUE rb_obj_trust(VALUE obj) { - rb_secure(3); - if (OBJ_UNTRUSTED(obj)) { - rb_check_frozen(obj); - FL_UNSET(obj, FL_UNTRUSTED); - } - return obj; + rb_warning("trust is deprecated and its behavior is same as untaint"); + return rb_obj_untaint(obj); } void @@ -1037,9 +1011,6 @@ VALUE rb_obj_freeze(VALUE obj) { if (!OBJ_FROZEN(obj)) { - if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(obj)) { - rb_raise(rb_eSecurityError, "Insecure: can't freeze object"); - } OBJ_FREEZE(obj); if (SPECIAL_CONST_P(obj)) { if (!immediate_frozen_tbl) { @@ -1532,7 +1532,6 @@ top_define_method(int argc, VALUE *argv, VALUE obj) rb_thread_t *th = GET_THREAD(); VALUE klass; - rb_secure(4); klass = th->top_wrapper; if (klass) { rb_warning("main.define_method in the wrapped load is effective only in wrapper module"); @@ -3535,7 +3535,6 @@ rb_f_exit_bang(int argc, VALUE *argv, VALUE obj) VALUE status; int istatus; - rb_secure(4); if (argc > 0 && rb_scan_args(argc, argv, "01", &status) == 1) { istatus = exit_status_code(status); } @@ -3609,7 +3608,6 @@ rb_f_exit(int argc, VALUE *argv) VALUE status; int istatus; - rb_secure(4); if (argc > 0 && rb_scan_args(argc, argv, "01", &status) == 1) { istatus = exit_status_code(status); } @@ -3636,7 +3634,6 @@ rb_f_exit(int argc, VALUE *argv) VALUE rb_f_abort(int argc, VALUE *argv) { - rb_secure(4); if (argc == 0) { if (!NIL_P(GET_THREAD()->errinfo)) { ruby_error_print(); @@ -687,7 +687,6 @@ rb_f_srand(int argc, VALUE *argv, VALUE obj) VALUE seed, old; rb_random_t *r = &default_rand; - rb_secure(4); if (argc == 0) { seed = random_seed(); } @@ -2395,8 +2395,6 @@ rb_reg_initialize(VALUE obj, const char *s, long len, rb_encoding *enc, rb_encoding *fixed_enc = 0; rb_encoding *a_enc = rb_ascii8bit_encoding(); - if (!OBJ_UNTRUSTED(obj) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't modify regexp"); rb_check_frozen(obj); if (FL_TEST(obj, REG_LITERAL)) rb_raise(rb_eSecurityError, "can't modify literal regexp"); @@ -14,10 +14,9 @@ 1 - no dangerous operation by tainted value 2 - process/file operations prohibited 3 - all generated objects are tainted - 4 - no global (non-tainted) variable modification/no direct output */ -#define SAFE_LEVEL_MAX 4 +#define SAFE_LEVEL_MAX 3 #include "ruby/ruby.h" #include "vm_core.h" @@ -43,7 +42,7 @@ rb_set_safe_level(int level) if (level > th->safe_level) { if (level > SAFE_LEVEL_MAX) { - level = SAFE_LEVEL_MAX; + rb_raise(rb_eArgError, "$SAFE=4 is obsolete"); } th->safe_level = level; } @@ -67,10 +66,10 @@ safe_setter(VALUE val) th->safe_level, level); } if (level == 3) { - rb_warning("$SAFE=3 does no sandboxing; you might want to use $SAFE=4"); + rb_warning("$SAFE=3 does no sandboxing"); } if (level > SAFE_LEVEL_MAX) { - level = SAFE_LEVEL_MAX; + rb_raise(rb_eArgError, "$SAFE=4 is obsolete"); } th->safe_level = level; } @@ -94,8 +93,6 @@ rb_secure(int level) void rb_secure_update(VALUE obj) { - if (!OBJ_TAINTED(obj)) - rb_secure(4); } void @@ -117,7 +114,6 @@ rb_check_safe_obj(VALUE x) if (rb_safe_level() > 0 && OBJ_TAINTED(x)) { rb_insecure_operation(); } - rb_secure(4); } void @@ -704,7 +704,7 @@ rb_str_new_frozen(VALUE orig) assert(OBJ_FROZEN(str)); ofs = RSTRING_LEN(str) - RSTRING_LEN(orig); if ((ofs > 0) || (klass != RBASIC(str)->klass) || - ((RBASIC(str)->flags ^ RBASIC(orig)->flags) & (FL_TAINT|FL_UNTRUSTED)) || + ((RBASIC(str)->flags ^ RBASIC(orig)->flags) & FL_TAINT) || ENCODING_GET(str) != ENCODING_GET(orig)) { str = str_new3(klass, str); RSTRING(str)->as.heap.ptr += ofs; @@ -1305,8 +1305,6 @@ str_modifiable(VALUE str) rb_raise(rb_eRuntimeError, "can't modify string; temporarily locked"); } rb_check_frozen(str); - if (!OBJ_UNTRUSTED(str) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't modify string"); } static inline int @@ -3659,7 +3657,6 @@ rb_str_sub_bang(int argc, VALUE *argv, VALUE str) VALUE pat, repl, hash = Qnil; int iter = 0; int tainted = 0; - int untrusted = 0; long plen; int min_arity = rb_block_given_p() ? 1 : 2; @@ -3674,7 +3671,6 @@ rb_str_sub_bang(int argc, VALUE *argv, VALUE str) StringValue(repl); } if (OBJ_TAINTED(repl)) tainted = 1; - if (OBJ_UNTRUSTED(repl)) untrusted = 1; } pat = get_pat(argv[0], 1); @@ -3720,7 +3716,6 @@ rb_str_sub_bang(int argc, VALUE *argv, VALUE str) rb_str_modify(str); rb_enc_associate(str, enc); if (OBJ_TAINTED(repl)) tainted = 1; - if (OBJ_UNTRUSTED(repl)) untrusted = 1; if (ENC_CODERANGE_UNKNOWN < cr && cr < ENC_CODERANGE_BROKEN) { int cr2 = ENC_CODERANGE(repl); if (cr2 == ENC_CODERANGE_BROKEN || @@ -3745,7 +3740,6 @@ rb_str_sub_bang(int argc, VALUE *argv, VALUE str) RSTRING_PTR(str)[len] = '\0'; ENC_CODERANGE_SET(str, cr); if (tainted) OBJ_TAINT(str); - if (untrusted) OBJ_UNTRUST(str); return str; } diff --git a/test/dl/test_dl2.rb b/test/dl/test_dl2.rb index 88ef0869b1..955ac1d855 100644 --- a/test/dl/test_dl2.rb +++ b/test/dl/test_dl2.rb @@ -11,15 +11,6 @@ class TestDL < TestBase # TODO: refactor test repetition - def test_free_secure - assert_raises(SecurityError) do - Thread.new do - $SAFE = 4 - DL.free(0) - end.join - end - end - def test_realloc str = "abc" ptr_id = DL.realloc(0, 4) @@ -33,15 +24,6 @@ class TestDL < TestBase DL.free ptr_id end - def test_realloc_secure - assert_raises(SecurityError) do - Thread.new do - $SAFE = 4 - DL.realloc(0, 4) - end.join - end - end - def test_malloc str = "abc" @@ -56,15 +38,6 @@ class TestDL < TestBase DL.free ptr_id end - def test_malloc_security - assert_raises(SecurityError) do - Thread.new do - $SAFE = 4 - DL.malloc(4) - end.join - end - end - def test_call_int() cfunc = CFunc.new(@libc['atoi'], TYPE_INT, 'atoi') x = cfunc.call(["100"].pack("p").unpack("l!*")) diff --git a/test/erb/test_erb.rb b/test/erb/test_erb.rb index 89fdbff6eb..65efd39191 100644 --- a/test/erb/test_erb.rb +++ b/test/erb/test_erb.rb @@ -185,11 +185,6 @@ EOS assert_equal(ans, erb.result) end - def test_safe_04 - erb = @erb.new('<%=$SAFE%>', 4) - assert_equal('4', erb.result(TOPLEVEL_BINDING.taint)) - end - class Foo; end def test_def_class diff --git a/test/readline/test_readline.rb b/test/readline/test_readline.rb index a4c8e581a3..17e54ef428 100644 --- a/test/readline/test_readline.rb +++ b/test/readline/test_readline.rb @@ -18,55 +18,6 @@ class TestReadline < Test::Unit::TestCase Readline.instance_variable_set("@completion_proc", nil) end - def test_safe_level_4 - method_args = - [ - ["readline"], - ["input=", $stdin], - ["output=", $stdout], - ["completion_proc=", proc {}], - ["completion_proc"], - ["completion_case_fold=", true], - ["completion_case_fold"], - ["vi_editing_mode"], - ["vi_editing_mode?"], - ["emacs_editing_mode"], - ["emacs_editing_mode?"], - ["completion_append_character=", "s"], - ["completion_append_character"], - ["basic_word_break_characters=", "s"], - ["basic_word_break_characters"], - ["completer_word_break_characters=", "s"], - ["completer_word_break_characters"], - ["basic_quote_characters=", "\\"], - ["basic_quote_characters"], - ["completer_quote_characters=", "\\"], - ["completer_quote_characters"], - ["filename_quote_characters=", "\\"], - ["filename_quote_characters"], - ["line_buffer"], - ["point"], - ["set_screen_size", 1, 1], - ["get_screen_size"], - ["pre_input_hook=", proc {}], - ["pre_input_hook"], - ["insert_text", ""], - ["redisplay"], - ["special_prefixes=", "$"], - ["special_prefixes"], - ] - method_args.each do |method_name, *args| - assert_raise(SecurityError, NotImplementedError, - "method=<#{method_name}>") do - Thread.start { - $SAFE = 4 - Readline.send(method_name.to_sym, *args) - assert(true) - }.join - end - end - end - if !/EditLine/n.match(Readline::VERSION) def test_readline with_temp_stdio do |stdin, stdout| @@ -90,12 +41,6 @@ class TestReadline < Test::Unit::TestCase end }.join end - assert_raise(SecurityError) do - Thread.start { - $SAFE = 4 - replace_stdio(stdin.path, stdout.path) { Readline.readline("> ") } - }.join - end end end diff --git a/test/readline/test_readline_history.rb b/test/readline/test_readline_history.rb index e21d170cc3..4bcd7b3b25 100644 --- a/test/readline/test_readline_history.rb +++ b/test/readline/test_readline_history.rb @@ -39,41 +39,6 @@ class Readline::TestHistory < Test::Unit::TestCase HISTORY.clear end - def test_safe_level_4 - method_args = - [ - ["[]", [0]], - ["[]=", [0, "s"]], - ["\<\<", ["s"]], - ["push", ["s"]], - ["pop", []], - ["shift", []], - ["length", []], - ["delete_at", [0]], - ["clear", []], - ] - method_args.each do |method_name, args| - assert_raise(SecurityError, NotImplementedError, - "method=<#{method_name}>") do - Thread.start { - $SAFE = 4 - HISTORY.send(method_name.to_sym, *args) - assert(true) - }.join - end - end - - assert_raise(SecurityError, NotImplementedError, - "method=<each>") do - Thread.start { - $SAFE = 4 - HISTORY.each { |s| - assert(true) - } - }.join - end - end - def test_to_s expected = "HISTORY" assert_equal(expected, HISTORY.to_s) diff --git a/test/ruby/test_alias.rb b/test/ruby/test_alias.rb index e154982c89..0fd8d5f89b 100644 --- a/test/ruby/test_alias.rb +++ b/test/ruby/test_alias.rb @@ -52,16 +52,6 @@ class TestAlias < Test::Unit::TestCase end end - def test_JVN_83768862 - d = lambda { - $SAFE = 4 - dclass = Class.new(C) - dclass.send(:alias_method, :mm, :m) - dclass.new - }.call - assert_raise(SecurityError) { d.mm } - end - def test_nonexistmethod assert_raise(NameError){ Class.new{ diff --git a/test/ruby/test_array.rb b/test/ruby/test_array.rb index 6807598054..63db980357 100644 --- a/test/ruby/test_array.rb +++ b/test/ruby/test_array.rb @@ -1732,19 +1732,6 @@ class TestArray < Test::Unit::TestCase assert_equal([3,4,5,0], [1,2,3,4,5,0].drop_while {|i| i < 3 }) end - def test_modify_check - a = [] - a.freeze - assert_raise(RuntimeError) { a.shift } - a = [1, 2] - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - a.shift - end.value - end - end - LONGP = [127, 63, 31, 15, 7].map {|x| 2**x-1 }.find do |x| begin [].first(x) diff --git a/test/ruby/test_dir.rb b/test/ruby/test_dir.rb index 1c8f73e20c..d8f6868aa6 100644 --- a/test/ruby/test_dir.rb +++ b/test/ruby/test_dir.rb @@ -43,15 +43,6 @@ class TestDir < Test::Unit::TestCase end end - def test_JVN_13947696 - b = lambda { - d = Dir.open('.') - $SAFE = 4 - d.close - } - assert_raise(SecurityError) { b.call } - end - def test_nodir assert_raise(Errno::ENOENT) { Dir.open(@nodir) } end @@ -90,12 +81,6 @@ class TestDir < Test::Unit::TestCase d.rewind b = (0..5).map { d.read } assert_equal(a, b) - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - d.rewind - end.join - end ensure d.close end diff --git a/test/ruby/test_encoding.rb b/test/ruby/test_encoding.rb index ef2dc39c4d..c1ded6c741 100644 --- a/test/ruby/test_encoding.rb +++ b/test/ruby/test_encoding.rb @@ -100,11 +100,6 @@ class TestEncoding < Test::Unit::TestCase assert_equal(str, str2, '[ruby-dev:38596]') end - def test_unsafe - bug5279 = '[ruby-dev:44469]' - assert_ruby_status([], '$SAFE=4; "a".encode("utf-16be")', bug5279) - end - def test_compatible_p ua = "abc".force_encoding(Encoding::UTF_8) assert_equal(Encoding::UTF_8, Encoding.compatible?(ua, :abc)) diff --git a/test/ruby/test_env.rb b/test/ruby/test_env.rb index 618be37214..b4c2d1f726 100644 --- a/test/ruby/test_env.rb +++ b/test/ruby/test_env.rb @@ -114,12 +114,6 @@ class TestEnv < Test::Unit::TestCase end def test_aset - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - ENV["test"] = "foo" - end.join - end assert_nothing_raised { ENV["test"] = nil } assert_equal(nil, ENV["test"]) assert_raise(ArgumentError) { ENV["foo\0bar"] = "test" } diff --git a/test/ruby/test_eval.rb b/test/ruby/test_eval.rb index a97b982246..790e2887d5 100644 --- a/test/ruby/test_eval.rb +++ b/test/ruby/test_eval.rb @@ -440,16 +440,6 @@ class TestEval < Test::Unit::TestCase assert_raise(RuntimeError) { eval("raise ''") } end - def test_eval_using_untainted_binding_under_safe4 - assert_raise(SecurityError) do - Thread.new do - b = binding - $SAFE = 4 - eval("", b) - end.join - end - end - def test_eval_with_toplevel_binding # [ruby-dev:37142] ruby("-e", "x = 0; eval('p x', TOPLEVEL_BINDING)") do |f| f.close_write diff --git a/test/ruby/test_exception.rb b/test/ruby/test_exception.rb index c829a179d5..4a0edc3f1a 100644 --- a/test/ruby/test_exception.rb +++ b/test/ruby/test_exception.rb @@ -255,25 +255,6 @@ class TestException < Test::Unit::TestCase INPUT end - def test_safe4 - cmd = proc{raise SystemExit} - safe0_p = proc{|*args| args} - - test_proc = proc { - $SAFE = 4 - begin - cmd.call - rescue SystemExit => e - safe0_p["SystemExit: #{e.inspect}"] - raise e - rescue Exception => e - safe0_p["Exception (NOT SystemExit): #{e.inspect}"] - raise e - end - } - assert_raise(SystemExit, '[ruby-dev:38760]') {test_proc.call} - end - def test_thread_signal_location _, stderr, _ = EnvUtil.invoke_ruby("--disable-gems -d", <<-RUBY, false, true) Thread.start do @@ -475,32 +456,4 @@ end.join s = e.to_s assert_equal(false, s.tainted?) end - - def test_exception_to_s_should_not_propagate_untrustedness - favorite_lang = "Ruby" - - for exc in [Exception, NameError] - assert_raise(SecurityError) do - lambda { - $SAFE = 4 - exc.new(favorite_lang).to_s - favorite_lang.replace("Python") - }.call - end - end - - assert_raise(SecurityError) do - lambda { - $SAFE = 4 - o = Object.new - o.singleton_class.send(:define_method, :to_str) { - favorite_lang - } - NameError.new(o).to_s - favorite_lang.replace("Python") - }.call - end - - assert_equal("Ruby", favorite_lang) - end end diff --git a/test/ruby/test_file_exhaustive.rb b/test/ruby/test_file_exhaustive.rb index 8a33258759..3394d12372 100644 --- a/test/ruby/test_file_exhaustive.rb +++ b/test/ruby/test_file_exhaustive.rb @@ -1109,15 +1109,6 @@ class TestFileExhaustive < Test::Unit::TestCase assert_nothing_raised { ENV["PATH"] } end - def test_find_file - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - load(@file) - end.join - end - end - def test_size assert_equal(3, File.open(@file) {|f| f.size }) File.open(@file, "a") do |f| diff --git a/test/ruby/test_hash.rb b/test/ruby/test_hash.rb index dbc3ed2bfc..3168760670 100644 --- a/test/ruby/test_hash.rb +++ b/test/ruby/test_hash.rb @@ -722,16 +722,6 @@ class TestHash < Test::Unit::TestCase assert_equal([], expected - vals) end - def test_security_check - h = {} - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - h[1] = 1 - end.join - end - end - def test_intialize_wrong_arguments assert_raise(ArgumentError) do Hash.new(0) { } diff --git a/test/ruby/test_io.rb b/test/ruby/test_io.rb index 959982f1d5..e42ace1952 100644 --- a/test/ruby/test_io.rb +++ b/test/ruby/test_io.rb @@ -918,17 +918,6 @@ class TestIO < Test::Unit::TestCase } end - def safe_4 - t = Thread.new do - $SAFE = 4 - yield - end - unless t.join(10) - t.kill - flunk("timeout in safe_4") - end - end - def ruby(*args) args = ['-e', '$>.write($<.read)'] if args.empty? ruby = EnvUtil.rubybin @@ -1001,9 +990,6 @@ class TestIO < Test::Unit::TestCase def test_inspect with_pipe do |r, w| assert_match(/^#<IO:fd \d+>$/, r.inspect) - assert_raise(SecurityError) do - safe_4 { r.inspect } - end end end @@ -1179,14 +1165,6 @@ class TestIO < Test::Unit::TestCase end end - def test_close_read_security_error - with_pipe do |r, w| - assert_raise(SecurityError) do - safe_4 { r.close_read } - end - end - end - def test_close_read_non_readable with_pipe do |r, w| assert_raise(IOError) do @@ -1203,14 +1181,6 @@ class TestIO < Test::Unit::TestCase end end - def test_close_write_security_error - with_pipe do |r, w| - assert_raise(SecurityError) do - safe_4 { r.close_write } - end - end - end - def test_close_write_non_readable with_pipe do |r, w| assert_raise(IOError) do @@ -1441,14 +1411,6 @@ class TestIO < Test::Unit::TestCase end end - def test_close_security_error - with_pipe do |r, w| - assert_raise(SecurityError) do - safe_4 { r.close } - end - end - end - def test_pos make_tempfile {|t| @@ -1710,12 +1672,6 @@ class TestIO < Test::Unit::TestCase def test_reopen make_tempfile {|t| - with_pipe do |r, w| - assert_raise(SecurityError) do - safe_4 { r.reopen(t.path) } - end - end - open(__FILE__) do |f| f.gets assert_nothing_raised { diff --git a/test/ruby/test_method.rb b/test/ruby/test_method.rb index ca790dfd12..b46d67c9fa 100644 --- a/test/ruby/test_method.rb +++ b/test/ruby/test_method.rb @@ -325,15 +325,6 @@ class TestMethod < Test::Unit::TestCase assert_equal(:bar, m.clone.bar) end - def test_call - o = Object.new - def o.foo; p 1; end - def o.bar(x); x; end - m = o.method(:foo) - m.taint - assert_raise(SecurityError) { m.call } - end - def test_inspect o = Object.new def o.foo; end diff --git a/test/ruby/test_module.rb b/test/ruby/test_module.rb index 816e5dc1ff..5574bf0567 100644 --- a/test/ruby/test_module.rb +++ b/test/ruby/test_module.rb @@ -760,13 +760,6 @@ class TestModule < Test::Unit::TestCase end def test_undef - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - Class.instance_eval { undef_method(:foo) } - end.join - end - c = Class.new assert_raise(NameError) do c.instance_eval { undef_method(:foo) } @@ -861,19 +854,6 @@ class TestModule < Test::Unit::TestCase assert_equal(true, c.private_method_defined?(:baz)) end - def test_change_visibility_under_safe4 - c = Class.new - c.class_eval do - def foo; end - end - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - c.class_eval { private :foo } - end.join - end - end - def test_top_public_private assert_in_out_err([], <<-INPUT, %w([:foo] [:bar]), []) private @@ -970,24 +950,6 @@ class TestModule < Test::Unit::TestCase assert_equal(false, m.include?(m)) end - def test_include_under_safe4 - m = Module.new - c1 = Class.new - assert_raise(SecurityError) do - lambda { - $SAFE = 4 - c1.instance_eval { include(m) } - }.call - end - assert_nothing_raised do - lambda { - $SAFE = 4 - c2 = Class.new - c2.instance_eval { include(m) } - }.call - end - end - def test_send a = AClass.new assert_equal(:aClass, a.__send__(:aClass)) diff --git a/test/ruby/test_object.rb b/test/ruby/test_object.rb index 1da7f250c2..7b660ce87c 100644 --- a/test/ruby/test_object.rb +++ b/test/ruby/test_object.rb @@ -52,16 +52,6 @@ class TestObject < Test::Unit::TestCase assert_raise(RuntimeError) { o.untaint } end - def test_freeze_under_safe_4 - o = Object.new - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - o.freeze - end.join - end - end - def test_freeze_immediate assert_equal(true, 1.frozen?) 1.freeze @@ -282,17 +272,6 @@ class TestObject < Test::Unit::TestCase assert_equal(1+3+5+7+9, n) end - def test_add_method_under_safe4 - o = Object.new - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - def o.foo - end - end.join - end - end - def test_redefine_method_under_verbose assert_in_out_err([], <<-INPUT, %w(2), /warning: method redefined; discarding old foo$/) $VERBOSE = true @@ -316,20 +295,6 @@ class TestObject < Test::Unit::TestCase end def test_remove_method - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - Object.instance_eval { remove_method(:foo) } - end.join - end - - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - Class.instance_eval { remove_method(:foo) } - end.join - end - c = Class.new c.freeze assert_raise(RuntimeError) do @@ -687,72 +652,21 @@ class TestObject < Test::Unit::TestCase end def test_untrusted - obj = lambda { - $SAFE = 4 - x = Object.new - x.instance_eval { @foo = 1 } - x - }.call + obj = Object.new + assert_equal(false, obj.untrusted?) + assert_equal(false, obj.tainted?) + obj.untrust assert_equal(true, obj.untrusted?) assert_equal(true, obj.tainted?) - - x = Object.new - assert_equal(false, x.untrusted?) - assert_raise(SecurityError) do - lambda { - $SAFE = 4 - x.instance_eval { @foo = 1 } - }.call - end - - x = Object.new - x.taint - assert_raise(SecurityError) do - lambda { - $SAFE = 4 - x.instance_eval { @foo = 1 } - }.call - end - - x.untrust - assert_equal(true, x.untrusted?) - assert_nothing_raised do - lambda { - $SAFE = 4 - x.instance_eval { @foo = 1 } - }.call - end - - x.trust - assert_equal(false, x.untrusted?) - assert_raise(SecurityError) do - lambda { - $SAFE = 4 - x.instance_eval { @foo = 1 } - }.call - end - - a = Object.new - a.untrust - assert_equal(true, a.untrusted?) - b = a.dup - assert_equal(true, b.untrusted?) - c = a.clone - assert_equal(true, c.untrusted?) - - a = Object.new - b = lambda { - $SAFE = 4 - a.dup - }.call - assert_equal(true, b.untrusted?) - - a = Object.new - b = lambda { - $SAFE = 4 - a.clone - }.call - assert_equal(true, b.untrusted?) + obj.trust + assert_equal(false, obj.untrusted?) + assert_equal(false, obj.tainted?) + obj.taint + assert_equal(true, obj.untrusted?) + assert_equal(true, obj.tainted?) + obj.untaint + assert_equal(false, obj.untrusted?) + assert_equal(false, obj.tainted?) end def test_to_s @@ -813,42 +727,6 @@ class TestObject < Test::Unit::TestCase assert_match(/\bInspect\u{3042}:.* @\u{3044}=42\b/, x) end - def test_exec_recursive - Thread.current[:__recursive_key__] = nil - a = [[]] - a.inspect - - assert_nothing_raised do - -> do - $SAFE = 4 - begin - a.hash - rescue ArgumentError - end - end.call - end - - -> do - assert_nothing_raised do - $SAFE = 4 - a.inspect - end - end.call - - -> do - o = Object.new - def o.to_ary(x); end - def o.==(x); $SAFE = 4; false; end - a = [[o]] - b = [] - b << b - - assert_nothing_raised do - b == a - end - end.call - end - def test_singleton_class x = Object.new xs = class << x; self; end @@ -895,12 +773,6 @@ class TestObject < Test::Unit::TestCase c = a.dup.freeze assert_raise(RuntimeError, "frozen") {c.instance_eval {initialize_copy(b)}} d = a.dup.trust - assert_raise(SecurityError, "untrust") do - proc { - $SAFE = 4 - d.instance_eval {initialize_copy(b)} - }.call - end [a, b, c, d] end diff --git a/test/ruby/test_pack.rb b/test/ruby/test_pack.rb index 9dbb0b0c72..7848eb5e62 100644 --- a/test/ruby/test_pack.rb +++ b/test/ruby/test_pack.rb @@ -644,16 +644,6 @@ EXPECTED assert_equal([0x100000000], "\220\200\200\200\000".unpack("w"), [0x100000000]) end - def test_modify_under_safe4 - s = "foo" - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - s.clear - end.join - end - end - def test_length_too_big assert_raise(RangeError) { [].pack("C100000000000000000000") } end diff --git a/test/ruby/test_rand.rb b/test/ruby/test_rand.rb index 611e9f57a0..98615f8d42 100644 --- a/test/ruby/test_rand.rb +++ b/test/ruby/test_rand.rb @@ -504,18 +504,6 @@ END end end - def test_marshal_load_insecure - r = Random.new(0) - d = r.__send__(:marshal_dump) - l = proc do - $SAFE = 4 - r.__send__(:marshal_load, d) - end - assert_raise(SecurityError, '[Bug #6540]') do - l.call - end - end - def test_random_ulong_limited def (gen = Object.new).rand(*) 1 end assert_equal([2], (1..100).map {[1,2,3].sample(random: gen)}.uniq) diff --git a/test/ruby/test_regexp.rb b/test/ruby/test_regexp.rb index 9ad9afe14c..a91ae8b79f 100644 --- a/test/ruby/test_regexp.rb +++ b/test/ruby/test_regexp.rb @@ -340,14 +340,6 @@ class TestRegexp < Test::Unit::TestCase def test_initialize assert_raise(ArgumentError) { Regexp.new } assert_equal(/foo/, Regexp.new(/foo/, Regexp::IGNORECASE)) - re = /foo/ - assert_raise(SecurityError) do - Thread.new { $SAFE = 4; re.instance_eval { initialize(re) } }.join - end - re.taint - assert_raise(SecurityError) do - Thread.new { $SAFE = 4; re.instance_eval { initialize(re) } }.join - end assert_equal(Encoding.find("US-ASCII"), Regexp.new("b..", nil, "n").encoding) assert_equal("bar", "foobarbaz"[Regexp.new("b..", nil, "n")]) @@ -545,12 +537,12 @@ class TestRegexp < Test::Unit::TestCase def test_taint m = Thread.new do "foo"[/foo/] - $SAFE = 4 + $SAFE = 3 /foo/.match("foo") end.value assert(m.tainted?) assert_nothing_raised('[ruby-core:26137]') { - m = proc {$SAFE = 4; %r"#{ }"o}.call + m = proc {$SAFE = 3; %r"#{ }"o}.call } assert(m.tainted?) end diff --git a/test/ruby/test_settracefunc.rb b/test/ruby/test_settracefunc.rb index b010846b92..ab1a37f8eb 100644 --- a/test/ruby/test_settracefunc.rb +++ b/test/ruby/test_settracefunc.rb @@ -397,42 +397,6 @@ class TestSetTraceFunc < Test::Unit::TestCase assert_equal(self, ok, bug3921) end - def assert_security_error_safe4(block) - assert_raise(SecurityError) do - block.call - end - end - - def test_set_safe4 - func = proc do - $SAFE = 4 - set_trace_func(lambda {|*|}) - end - assert_security_error_safe4(func) - end - - def test_thread_set_safe4 - th = Thread.start {sleep} - func = proc do - $SAFE = 4 - th.set_trace_func(lambda {|*|}) - end - assert_security_error_safe4(func) - ensure - th.kill - end - - def test_thread_add_safe4 - th = Thread.start {sleep} - func = proc do - $SAFE = 4 - th.add_trace_func(lambda {|*|}) - end - assert_security_error_safe4(func) - ensure - th.kill - end - class << self define_method(:method_added, Module.method(:method_added)) end @@ -924,24 +888,6 @@ class TestSetTraceFunc < Test::Unit::TestCase end end - def test_trace_point_enable_safe4 - tp = TracePoint.new {} - func = proc do - $SAFE = 4 - tp.enable - end - assert_security_error_safe4(func) - end - - def test_trace_point_disable_safe4 - tp = TracePoint.new {} - func = proc do - $SAFE = 4 - tp.disable - end - assert_security_error_safe4(func) - end - def m1_for_test_trace_point_binding_in_ifunc(arg) arg + nil rescue diff --git a/test/ruby/test_struct.rb b/test/ruby/test_struct.rb index 1c108777ee..c5ac2eb330 100644 --- a/test/ruby/test_struct.rb +++ b/test/ruby/test_struct.rb @@ -74,17 +74,6 @@ class TestStruct < Test::Unit::TestCase assert_raise(NameError) { o[:b] } end - def test_modify - klass = Struct.new(:a) - o = klass.new(1) - assert_raise(SecurityError) do - Thread.new do - $SAFE = 4 - o.a = 2 - end.value - end - end - def test_set klass = Struct.new(:a) o = klass.new(1) @@ -263,19 +252,6 @@ class TestStruct < Test::Unit::TestCase } end - def test_struct_subclass - bug5036 = '[ruby-dev:44122]' - st = Class.new(Struct) - s = st.new("S", :m).new - error = assert_raise(SecurityError) do - proc do - $SAFE = 4 - s.m = 1 - end.call - end - assert_equal("Insecure: can't modify #{st}::S", error.message, bug5036) - end - def test_to_h klass = Struct.new(:a, :b, :c, :d, :e, :f) o = klass.new(1, 2, 3, 4, 5, 6) diff --git a/test/ruby/test_thread.rb b/test/ruby/test_thread.rb index d9b8afc752..46831f3c46 100644 --- a/test/ruby/test_thread.rb +++ b/test/ruby/test_thread.rb @@ -88,18 +88,6 @@ class TestThread < Test::Unit::TestCase end end - def test_thread_variable_security - t = Thread.new { sleep } - - assert_raises(SecurityError) do - Thread.new { $SAFE = 4; t.thread_variable_get(:foo) }.join - end - - assert_raises(SecurityError) do - Thread.new { $SAFE = 4; t.thread_variable_set(:foo, :baz) }.join - end - end - def test_mutex_synchronize m = Mutex.new r = 0 @@ -396,14 +384,6 @@ class TestThread < Test::Unit::TestCase def test_thread_local_security t = Thread.new { sleep } - assert_raise(SecurityError) do - Thread.new { $SAFE = 4; t[:foo] }.join - end - - assert_raise(SecurityError) do - Thread.new { $SAFE = 4; t[:foo] = :baz }.join - end - assert_raise(RuntimeError) do Thread.new do Thread.current[:foo] = :bar diff --git a/test/ruby/test_time.rb b/test/ruby/test_time.rb index 22df27067f..2a56836cce 100644 --- a/test/ruby/test_time.rb +++ b/test/ruby/test_time.rb @@ -312,16 +312,6 @@ class TestTime < Test::Unit::TestCase "[ruby-dev:44827] [Bug #5586]") end - def test_security_error - assert_raise(SecurityError) do - Thread.new do - t = Time.gm(2000) - $SAFE = 4 - t.localtime - end.join - end - end - def test_at3 t2000 = get_t2000 assert_equal(t2000, Time.at(t2000)) @@ -884,20 +874,6 @@ class TestTime < Test::Unit::TestCase assert_raise(NoMethodError, bug5012) { t1.m } end - def test_time_subclass - bug5036 = '[ruby-dev:44122]' - tc = Class.new(Time) - tc.inspect - t = tc.now - error = assert_raise(SecurityError) do - proc do - $SAFE = 4 - t.gmtime - end.call - end - assert_equal("Insecure: can't modify #{tc}", error.message, bug5036) - end - def test_sec_str bug6193 = '[ruby-core:43569]' t = nil @@ -2165,7 +2165,6 @@ rb_thread_kill(VALUE thread) GetThreadPtr(thread, th); if (th != GET_THREAD() && th->safe_level < 4) { - rb_secure(4); } if (th->to_kill || th->status == THREAD_KILLED) { return thread; @@ -2474,7 +2473,6 @@ rb_thread_s_abort_exc(void) static VALUE rb_thread_s_abort_exc_set(VALUE self, VALUE val) { - rb_secure(4); GET_THREAD()->vm->thread_abort_on_exception = RTEST(val); return val; } @@ -2523,7 +2521,6 @@ static VALUE rb_thread_abort_exc_set(VALUE thread, VALUE val) { rb_thread_t *th; - rb_secure(4); GetThreadPtr(thread, th); th->abort_on_exception = RTEST(val); @@ -3142,7 +3139,6 @@ rb_thread_priority_set(VALUE thread, VALUE prio) int priority; GetThreadPtr(thread, th); - rb_secure(4); #if USE_NATIVE_THREAD_PRIORITY th->priority = NUM2INT(prio); @@ -4116,7 +4112,6 @@ thgroup_add(VALUE group, VALUE thread) rb_thread_t *th; struct thgroup *data; - rb_secure(4); GetThreadPtr(thread, th); if (OBJ_FROZEN(group)) { @@ -4738,7 +4733,6 @@ recursive_list_access(void) VALUE list; if (NIL_P(hash) || !RB_TYPE_P(hash, T_HASH)) { hash = rb_hash_new(); - OBJ_UNTRUST(hash); rb_thread_local_aset(rb_thread_current(), recursive_key, hash); list = Qnil; } @@ -4747,7 +4741,6 @@ recursive_list_access(void) } if (NIL_P(list) || !RB_TYPE_P(list, T_HASH)) { list = rb_hash_new(); - OBJ_UNTRUST(list); rb_hash_aset(hash, sym, list); } return list; @@ -4809,7 +4802,6 @@ recursive_push(VALUE list, VALUE obj, VALUE paired_obj) if (!RB_TYPE_P(pair_list, T_HASH)){ VALUE other_paired_obj = pair_list; pair_list = rb_hash_new(); - OBJ_UNTRUST(pair_list); rb_hash_aset(pair_list, other_paired_obj, Qtrue); rb_hash_aset(list, obj, pair_list); } diff --git a/transcode.c b/transcode.c index badb8460f3..54fc316e41 100644 --- a/transcode.c +++ b/transcode.c @@ -377,7 +377,7 @@ load_transcoder_entry(transcoder_entry_t *entry) memcpy(path, transcoder_lib_prefix, sizeof(transcoder_lib_prefix) - 1); memcpy(path + sizeof(transcoder_lib_prefix) - 1, lib, len); rb_str_set_len(fn, total_len); - FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED); + FL_UNSET(fn, FL_TAINT); OBJ_FREEZE(fn); if (!rb_require_safe(fn, safe > 3 ? 3 : safe)) return NULL; diff --git a/variable.c b/variable.c index 82dd217968..8f2184742c 100644 --- a/variable.c +++ b/variable.c @@ -645,7 +645,6 @@ rb_f_trace_var(int argc, VALUE *argv) struct global_entry *entry; struct trace_var *trace; - rb_secure(4); if (rb_scan_args(argc, argv, "11", &var, &cmd) == 1) { cmd = rb_block_proc(); } @@ -707,7 +706,6 @@ rb_f_untrace_var(int argc, VALUE *argv) struct trace_var *trace; st_data_t data; - rb_secure(4); rb_scan_args(argc, argv, "11", &var, &cmd); id = rb_check_id(&var); if (!id) { @@ -1130,8 +1128,6 @@ rb_ivar_set(VALUE obj, ID id, VALUE val) long i, len; int ivar_extended; - if (!OBJ_UNTRUSTED(obj) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't modify instance variable"); rb_check_frozen(obj); if (SPECIAL_CONST_P(obj)) goto generic; switch (BUILTIN_TYPE(obj)) { @@ -1404,8 +1400,6 @@ rb_obj_remove_instance_variable(VALUE obj, VALUE name) struct st_table *iv_index_tbl; st_data_t index; - if (!OBJ_UNTRUSTED(obj) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't modify instance variable"); rb_check_frozen(obj); if (!id) { if (rb_is_instance_name(name)) { @@ -1939,8 +1933,6 @@ rb_const_remove(VALUE mod, ID id) VALUE val; st_data_t v, n = id; - if (!OBJ_UNTRUSTED(mod) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't remove constant"); rb_check_frozen(mod); if (!RCLASS_CONST_TBL(mod) || !st_delete(RCLASS_CONST_TBL(mod), &n, &v)) { if (rb_const_defined_at(mod, id)) { @@ -2131,8 +2123,6 @@ rb_public_const_defined_at(VALUE klass, ID id) static void check_before_mod_set(VALUE klass, ID id, VALUE val, const char *dest) { - if (!OBJ_UNTRUSTED(klass) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't set %s", dest); rb_check_frozen(klass); } @@ -2206,7 +2196,6 @@ rb_define_const(VALUE klass, const char *name, VALUE val) rb_warn("rb_define_const: invalid name `%s' for constant", name); } if (klass == rb_cObject) { - rb_secure(4); } rb_const_set(klass, id, val); } @@ -2224,11 +2213,6 @@ set_const_visibility(VALUE mod, int argc, VALUE *argv, rb_const_flag_t flag) st_data_t v; ID id; - if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(mod)) { - rb_raise(rb_eSecurityError, - "Insecure: can't change constant visibility"); - } - if (argc == 0) { rb_warning("%"PRIsVALUE" with no argument is just ignored", QUOTE_ID(rb_frame_callee())); @@ -2563,8 +2547,6 @@ rb_mod_remove_cvar(VALUE mod, VALUE name) if (!rb_is_class_id(id)) { rb_name_error(id, "wrong class variable name %"PRIsVALUE"", QUOTE_ID(id)); } - if (!OBJ_UNTRUSTED(mod) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't remove class variable"); rb_check_frozen(mod); if (RCLASS_IV_TBL(mod) && st_delete(RCLASS_IV_TBL(mod), &n, &val)) { return (VALUE)val; diff --git a/vm_insnhelper.c b/vm_insnhelper.c index 061b020930..b57cccd0fa 100644 --- a/vm_insnhelper.c +++ b/vm_insnhelper.c @@ -559,10 +559,6 @@ static inline VALUE vm_setivar(VALUE obj, ID id, VALUE val, IC ic, rb_call_info_t *ci, int is_attr) { #if USE_IC_FOR_IVAR - if (!OBJ_UNTRUSTED(obj) && rb_safe_level() >= 4) { - rb_raise(rb_eSecurityError, "Insecure: can't modify instance variable"); - } - rb_check_frozen(obj); if (RB_TYPE_P(obj, T_OBJECT)) { diff --git a/vm_method.c b/vm_method.c index 35e1d6f45b..70fda7bf8b 100644 --- a/vm_method.c +++ b/vm_method.c @@ -234,10 +234,6 @@ rb_method_entry_make(VALUE klass, ID mid, rb_method_type_t type, if (NIL_P(klass)) { klass = rb_cObject; } - if (rb_safe_level() >= 4 && - (klass == rb_cObject || !OBJ_UNTRUSTED(klass))) { - rb_raise(rb_eSecurityError, "Insecure: can't define method"); - } if (!FL_TEST(klass, FL_SINGLETON) && type != VM_METHOD_TYPE_NOTIMPLEMENTED && type != VM_METHOD_TYPE_ZSUPER && @@ -657,10 +653,6 @@ remove_method(VALUE klass, ID mid) klass = RCLASS_ORIGIN(klass); if (klass == rb_cObject) { - rb_secure(4); - } - if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(klass)) { - rb_raise(rb_eSecurityError, "Insecure: can't remove method"); } rb_check_frozen(klass); if (mid == object_id || mid == id__send__ || mid == idInitialize) { @@ -744,7 +736,6 @@ rb_export_method(VALUE klass, ID name, rb_method_flag_t noex) VALUE defined_class; if (klass == rb_cObject) { - rb_secure(4); } me = search_method(klass, name, &defined_class); @@ -847,10 +838,6 @@ rb_undef(VALUE klass, ID id) rb_raise(rb_eTypeError, "no class to undef method"); } if (rb_vm_cbase() == rb_cObject && klass == rb_cObject) { - rb_secure(4); - } - if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(klass)) { - rb_raise(rb_eSecurityError, "Insecure: can't undef `%s'", rb_id2name(id)); } rb_frozen_class_p(klass); if (id == object_id || id == id__send__ || id == idInitialize) { @@ -1201,7 +1188,6 @@ rb_alias(VALUE klass, ID name, ID def) rb_frozen_class_p(klass); if (klass == rb_cObject) { - rb_secure(4); } again: @@ -1259,19 +1245,9 @@ rb_mod_alias_method(VALUE mod, VALUE newname, VALUE oldname) } static void -secure_visibility(VALUE self) -{ - if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(self)) { - rb_raise(rb_eSecurityError, - "Insecure: can't change method visibility"); - } -} - -static void set_method_visibility(VALUE self, int argc, VALUE *argv, rb_method_flag_t ex) { int i; - secure_visibility(self); if (argc == 0) { rb_warning("%"PRIsVALUE" with no argument is just ignored", @@ -1293,7 +1269,6 @@ set_method_visibility(VALUE self, int argc, VALUE *argv, rb_method_flag_t ex) static VALUE set_visibility(int argc, VALUE *argv, VALUE module, rb_method_flag_t ex) { - secure_visibility(module); if (argc == 0) { SCOPE_SET(ex); } @@ -1495,7 +1470,6 @@ rb_mod_modfunc(int argc, VALUE *argv, VALUE module) rb_raise(rb_eTypeError, "module_function must be called for modules"); } - secure_visibility(module); if (argc == 0) { SCOPE_SET(NOEX_MODFUNC); return module; diff --git a/vm_trace.c b/vm_trace.c index d0bcc3a498..48d4e340e0 100644 --- a/vm_trace.c +++ b/vm_trace.c @@ -449,7 +449,6 @@ static void call_trace_func(rb_event_flag_t, VALUE data, VALUE self, ID id, VALU static VALUE set_trace_func(VALUE obj, VALUE trace) { - rb_secure(4); rb_remove_event_hook(call_trace_func); @@ -489,7 +488,6 @@ thread_add_trace_func_m(VALUE obj, VALUE trace) { rb_thread_t *th; - rb_secure(4); GetThreadPtr(obj, th); thread_add_trace_func(th, trace); return trace; @@ -511,7 +509,6 @@ thread_set_trace_func_m(VALUE obj, VALUE trace) { rb_thread_t *th; - rb_secure(4); GetThreadPtr(obj, th); rb_threadptr_remove_event_hook(th, call_trace_func, Qundef); @@ -973,7 +970,6 @@ rb_tracepoint_enable(VALUE tpval) { rb_tp_t *tp; - rb_secure(4); tp = tpptr(tpval); if (tp->target_th) { @@ -993,7 +989,6 @@ rb_tracepoint_disable(VALUE tpval) { rb_tp_t *tp; - rb_secure(4); tp = tpptr(tpval); if (tp->target_th) { |