开发者

What vulnerabilities are possible in ruby with $SAFE = 4?

What vulnerabilities are possible in ruby with $SAFE = 4? Right off the bat I know that XSRF is possible because the attack has nothing to do with "tainte开发者_运维技巧d variables" but rather where http request originates from. I know that using weak cryptographic algorithms like md5() won't be picked up. Do you know of any others? Code examples are much appreciated!


There's an almost limitless array of vulnerabilities possible with $SAFE=4. Nothing can protect you from all the arbitrary bad things you can do it code. For example, you can do all sorts of dumb things with sensitive data in a database if you're not careful no matter what the $SAFE mode — for Web apps, this should actually be a much bigger concern than the things $SAFE helps you with. $SAFE essentially protects you from one common thing you might do wrong while leaving all the others open. See last year's winner of the Underhanded C Contest:

It is also a great example of the principle that you can’t protect against intending to write the wrong thing. The code will stand up to any buffer overflow check, code style check, or lint program. The code is correct and proper C code; the bug was not introduced in the code, but much earlier, in my head when I conceived the algorithm.


It used to be if you were executing or eval'ing external code you can be DOS'ed in safe level 4 by doing some expensive atomic operations like calculating large powers and setting a thread to critical

Thread.new do
   Thread.critical = true
   9999999999999 ** 999999999999 # DOS!
end
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜