We just retested some safe levels and examples all failed right now. Was Safe disabled recently?
Derek Charles Oliver Nutter-2 wrote: > > dertown wrote: >> Hi Charles >> >> What is exactly wrong with SAFE and Taint. >> and would it be even possible to get it working properly? I know you >> said >> below it was not possible. >> I am just trying to understand why. > > Politically and theoretically, safe and taint are insufficient to really > give you any reliable measure of security. There's just way too many > edge cases and possible ways to sneak by. Of course, that's just my > belief...but I know of no real-world systems using those sorts of > mechanisms for security and actually trusting them. > > Practically, safe and taint add overhead to a massive number of > operations, ranging from class and method definition to every string or > array mutation. Poke around the JRuby code a bit and you'll see a whole > bunch of code, sprinkled liberally around the system, for checking > whether the current safe level is compatible with the current operation > and the current object's taint. It's not really a scalable way to do > security. > > I'd be interested in hearing about your use cases for safe levels, to > better understand what requirements we actually need to fill. I'd wager > we can get the same things out of Java security levels or out of a more > limited safe approach for operations you might actually want to limit > (like eval) rather than operations that would only rarely be restricted > (like string mutation). > > - Charlie > > --------------------------------------------------------------------- > To unsubscribe from this list please visit: > > http://xircles.codehaus.org/manage_email > > > -- View this message in context: http://www.nabble.com/Ditching-SAFE-and-tainting-tf3989911.html#a11482139 Sent from the JRuby - Dev mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email
