<A name=ch02-92-fm2xml></A>
<TABLE cellPadding=5 width=515 border=0>
<TBODY>
<TR>
<TD align=left><B><I>Level 2</I></B></TD>
<TD align=right></TD></TR></TBODY></TABLE>
<HR align=left width=515 color=black noShade SIZE=3>
<TABLE cellPadding=5 width=515 border=0>
<TBODY>
<TR>
<TD align=left></TD>
<TD align=right></TD></TR></TBODY></TABLE>
<P class=docText><A name=IXT-2-127160></A><A
name=IXT-2-127161></A><A name=IXT-2-127162></A><A
name=IXT-2-127163></A><A name=IXT-2-127164></A><A
name=IXT-2-127165></A><A name=IXT-2-127166></A><A
name=IXT-2-127167></A><A name=IXT-2-127168></A><A
name=IXT-2-127169></A><A name=IXT-2-127170></A><A
name=IXT-2-127171></A><A name=IXT-2-127172></A><A
name=IXT-2-127173></A><A name=IXT-2-127174></A><A
name=IXT-2-127175></A>In this level, potentially dangerous
operations on processes and files are forbidden, in addition
to all restrictions in level 1. The following operations are
prohibited: </P>
<DL class=docList>
<DT><TT>Dir::chdir</TT>
<DT><TT>Dir::chroot</TT>
<DT><TT>Dir::mkdir</TT>
<DT><TT>Dir::rmdir</TT>
<DT><TT>File::chown</TT>
<DT><TT>File::chmod</TT>
<DT><TT>File::umask</TT>
<DT><TT>File::truncate</TT>
<DT><TT>File#lstat</TT>
<DT><TT>File#chmod</TT>
<DT><TT>File#chown</TT>
<DT><TT>File#truncate</TT>
<DT><TT>File#flock</TT>
<DT><TT>IO#ioctl</TT>
<DT><TT>IO#fcntl</TT>
<DT>Methods defined in the <TT>FileTest</TT> module
<DT><TT>Process::fork</TT>
<DT><TT>Process::setpgid</TT>
<DT><TT>Process::setsid</TT>
<DT><TT>Process::setpriority</TT>
<DT><TT>Process::egid=</TT>
<DT><TT>Process::kill</TT>
<DT><TT>load</TT> from a world-writable directory
<DT><TT>syscall</TT>
<DT><TT>exit!</TT>
<DT><TT>trap</TT> </DT></DL><A name=ch02-93-fm2xml></A>
<TABLE cellPadding=5 width=515 border=0>
<TBODY>
<TR>
<TD align=left><B><I>Level 3</I></B></TD>
<TD align=right></TD></TR></TBODY></TABLE>
<HR align=left width=515 color=black noShade SIZE=3>
<TABLE cellPadding=5 width=515 border=0>
<TBODY>
<TR>
<TD align=left></TD>
<TD align=right></TD></TR></TBODY></TABLE>
<P class=docText>In this level, all newly created objects are
considered tainted, in addition to all restrictions in Level
2. </P>
<UL>
<LI>
<P class=docList>All objects are created tainted.</P>
<LI>
<P class=docList><TT>Object#untaint</TT> is prohibited.</P>
<LI>
<P class=docList><TT>Proc</TT> objects retain the current safe
level and restore it when their <TT>call</TT> methods are
invoked. </P></LI></UL><A name=ch02-94-fm2xml></A>
<TABLE cellPadding=5 width=515 border=0>
<TBODY>
<TR>
<TD align=left><B><I>Level 4</I></B></TD>
<TD align=right></TD></TR></TBODY></TABLE>
<HR align=left width=515 color=black noShade SIZE=3>
<TABLE cellPadding=5 width=515 border=0>
<TBODY>
<TR>
<TD align=left></TD>
<TD align=right></TD></TR></TBODY></TABLE>
<P class=docText>In this level, modification of global data is
forbidden, in addition to all restrictions in Level 3.
<TT>eval</TT> is allowed again in this level, since all
dangerous operations are blocked. </P><PRE>def safe_eval(str)
  Thread::start {              # start sandbox thread
    $SAFE = 4                  # upgrade safe level (for this thread only)
    eval(str)                  # eval in the sandbox
  }.value                      # retrieve result
end

safe_eval('1 + 1')             # => 2
safe_eval('system "rm -rf /"') # SecurityError</PRE>
<P class=docText>The following operations are prohibited:</P>
<UL>
<LI>
<P class=docList><TT>Object#taint</TT></P>
<LI>
<P class=docList><TT>autoload</TT><A
name=IXT-2-127176></A><A name=IXT-2-127177></A><A
name=IXT-2-127178></A>, <TT>load</TT>, and <TT>include</TT>
</P>
<LI>
<P class=docList><A name=IXT-2-127179></A>Modifying
<TT>Object</TT> class </P>
<LI>
<P class=docList>Modifying untainted objects</P>
<LI>
<P class=docList>Modifying untainted classes or modules</P>
<LI>
<P class=docList>Retrieving meta information (e.g., variable
list)</P>
<LI>
<P class=docList><A name=IXT-2-127180></A><A
name=IXT-2-127181></A>Manipulating instance variables </P>
<LI>
<P class=docList><A name=IXT-2-127182></A>Manipulating
threads other than current </P>
<LI>
<P class=docList>Accessing thread local data</P>
<LI>
<P class=docList><A name=IXT-2-127183></A><A
name=IXT-2-127184></A>Terminating process (by <TT>exit</TT>,
<TT>abort</TT>) </P>
<LI>
<P class=docList>File input/output</P>
<LI>
<P class=docList><A name=IXT-2-127185></A>Modifying
environment variables </P>
<LI>
<P class=docList><TT>srand</TT><A name=IXT-2-127186></A><A
name=IXTR3-10></A> </P></LI></UL>
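<P class=docText>Added example (not from the book): Ruby 2.1 made <TT>$SAFE = 4</TT> raise <TT>ArgumentError</TT>, Ruby 2.3 did the same for levels 2 and 3, and from Ruby 3.0 <TT>$SAFE</TT> is an ordinary global variable, so the <TT>safe_eval</TT> pattern above would evaluate its argument with no restrictions there. The hypothetical helpers <TT>safe_level_enforced?</TT> and <TT>guarded_safe_eval</TT> below fail closed: nothing is evaluated unless the interpreter version still enforces the requested level.</P>

```ruby
# Added example: fail-closed wrapper around the $SAFE sandbox pattern.
# Helper names are hypothetical; they are not part of Ruby or the book.

# First Ruby release in which assigning each level to $SAFE stopped working.
SAFE_LEVEL_REMOVED_IN = { 2 => [2, 3], 3 => [2, 3], 4 => [2, 1] }.freeze

# Turn "1.8.7" into [1, 8, 7] so versions compare numerically.
def version_parts(version)
  version.split(".").map(&:to_i)
end

# True only when the given interpreter version still enforces `level`.
def safe_level_enforced?(level, ruby_version = RUBY_VERSION)
  cutoff = SAFE_LEVEL_REMOVED_IN.fetch(level) do
    raise ArgumentError, "only levels 2-4 are covered here"
  end
  (version_parts(ruby_version) <=> cutoff) == -1
end

# Evaluate str at `level`, or raise SecurityError without evaluating it.
def guarded_safe_eval(str, level = 4, ruby_version = RUBY_VERSION)
  unless safe_level_enforced?(level, ruby_version)
    raise SecurityError,
          "$SAFE=#{level} is not enforced by Ruby #{ruby_version}; refusing to eval"
  end
  Thread.start do
    $SAFE = level   # thread-local on the interpreters that reach this line
    eval(str)
  end.value
end
```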
<UL></UL></TD></TR></TBODY></TABLE>