Name

Level 4

Synopsis

At this level, modification of global data is forbidden, in addition to all the restrictions of Level 3. eval is allowed again, since all dangerous operations are blocked.

def safe_eval(str)
  Thread::start {           # start sandbox thread
    $SAFE = 4               # upgrade safe level
    eval(str)               # eval in the sandbox
  }.value                   # retrieve result
end

safe_eval('1 + 1')             # => 2
safe_eval('system "rm -rf /"') # SecurityError

The following operations are prohibited:

  • Object#taint

  • autoload, load, and include

  • Modifying Object class

  • Modifying untainted objects

  • Modifying untainted classes or modules

  • Retrieving meta information (e.g., variable list)

  • Manipulating instance variables

  • Manipulating threads other than current

  • Accessing thread local data

  • Terminating process (by exit, abort)

  • File input/output

  • Modifying environment variables

  • srand
