Re: [jruby-dev] Ditching SAFE and tainting

2007-07-07 Thread dertown
We just retested some safe levels and examples all failed right now. Was Safe disabled recently? Derek Charles Oliver Nutter-2 wrote: > > dertown wrote: >> Hi Charles >> >> What is exactly wrong with SAFE and Taint. >> and would it be even possible to get it

Re: [jruby-dev] Ditching SAFE and tainting

2007-07-05 Thread dertown
Charles Oliver Nutter-2 wrote: > > dertown wrote: >> Hi Charles >> >> What is exactly wrong with SAFE and Taint. >> and would it be even possible to get it working properly? I know you >> said >> below it was not possible. >> I am jus

Re: [jruby-dev] Ditching SAFE and tainting

2007-07-04 Thread dertown
Hi Charles What is exactly wrong with SAFE and Taint. and would it be even possible to get it working properly? I know you said below it was not possible. I am just trying to understand why. Derek Charles Oliver Nutter-2 wrote: > > SAFE and tainting go hand in hand as perhaps the sole securi

Re: [jruby-dev] Ditching SAFE and tainting

2007-07-04 Thread dertown
Hi Nick I was looking at the Sandbox implementation and it is a good model for stand alone applications. However for distributed applications, for example DRb we need something that is closer to Safe or has the same functions as safe. Derek Nick Sieger-2 wrote: > > On 7/3/07, dertown &

Re: [jruby-dev] Ditching SAFE and tainting

2007-07-03 Thread dertown
Nick Sieger-2 wrote: > > On 6/28/07, Thomas E Enebo <[EMAIL PROTECTED]> wrote: >> I say chuck it out since we are not even close to being correct in >> this area. It gives a false sense of security. In fact, I wonder >> what sort of audit MRI goes through to demonstrate that safe/taint is >>

Re: [jruby-dev] Ditching SAFE and tainting

2007-06-30 Thread dertown
Charles Oliver Nutter-2 wrote: > > dertown wrote: >> Is there a place where we can start getting some requirements together for >> a >> new Ruby Security implementation. Then it would be possible to completely >> replace SAFE and Taint. >> >> Would p

Re: [jruby-dev] Ditching SAFE and tainting

2007-06-29 Thread dertown
Would this solution be able to cross implementations of Ruby? Nick Sieger-2 wrote: > > On 6/28/07, Thomas E Enebo <[EMAIL PROTECTED]> wrote: >> I say chuck it out since we are not even close to being correct in >> this area. It gives a false sense of security. In fact, I wonder >> what sort

Re: [jruby-dev] Ditching SAFE and tainting

2007-06-29 Thread dertown
Thomas E Enebo wrote: > > On 6/28/07, dertown <[EMAIL PROTECTED]> wrote: >> Thomas E Enebo wrote: >> > >> > I say chuck it out since we are not even close to being correct in >> > this area. It gives a false sense of security. In fact, I wonde

Re: [jruby-dev] Ditching SAFE and tainting

2007-06-28 Thread dertown
Thomas E Enebo wrote: > > I say chuck it out since we are not even close to being correct in > this area. It gives a false sense of security. In fact, I wonder > what sort of audit MRI goes through to demonstrate that safe/taint is > working. As far as I can tell tainting is really tough to

Re: [jruby-dev] Ditching SAFE and tainting

2007-06-27 Thread dertown
Charles Oliver Nutter-2 wrote: > > dertown wrote: >> I can understand the idea and reasoning but I am wondering if you would >> implement something else to >> perform safety checks or leave that to individual users? > > The idea is that Ruby's profess

Re: [jruby-dev] Ditching SAFE and tainting

2007-06-27 Thread dertown
Charles Oliver Nutter-2 wrote: > > SAFE and tainting go hand in hand as perhaps the sole security mechanism > in Ruby. When at various SAFE levels, you can't eval code, modify arrays > and other objects, open files and sockets, and so on. There's 5 safe > levels, increasingly more restrictiv