What vulnerabilities are possible in ruby with $SAFE = 4? Right off the bat I know that XSRF is possible because the attack has nothing to do with "tainted variables" but rather where http request originates from. I know that using weak cryptographic algorithms like md5() won't be picked up. Do you know of any others? Code examples are much appreciated!
+2
A:
It used to be if you were executing or eval'ing external code you can be DOS'ed in safe level 4 by doing some expensive atomic operations like calculating large powers and setting a thread to critical
Thread.new do
Thread.critical = true
9999999999999 ** 999999999999 # DOS!
end
Farrel
2010-01-28 20:35:40
"warning: in a**b, b may be too big", loop{} is probably more powerful
ChaosR
2010-02-08 16:55:58
+3
A:
There's an almost limitless array of vulnerabilities possible with $SAFE=4. Nothing can protect you from all the arbitrary bad things you can do it code. For example, you can do all sorts of dumb things with sensitive data in a database if you're not careful no matter what the $SAFE mode — for Web apps, this should actually be a much bigger concern than the things $SAFE helps you with. $SAFE essentially protects you from one common thing you might do wrong while leaving all the others open. See last year's winner of the Underhanded C Contest:
It is also a great example of the principle that you can’t protect against intending to write the wrong thing. The code will stand up to any buffer overflow check, code style check, or lint program. The code is correct and proper C code; the bug was not introduced in the code, but much earlier, in my head when I conceived the algorithm.
Chuck
2010-01-28 20:38:41
You need to be more specific. Information leakage is correct, I'll buy that one. I have no idea why you posted an underhanded C contest submission, that is totally baffling as it has absolutely no relation to security.
Rook
2010-01-28 21:08:27
Yes, it does. That Underhanded C Contest challenge was to introduce a security vulnerability into an image processing algorithm. He created a very clever solution that does the job in a simple and straightforward manner but still has a huge security problem. His explanation of how it worked is relevant to the question: No amount of safeguards can prevent you from intending to do the wrong thing. This is where a lot of security vulnerabilities come in — algorithms that aren't designed to be secure.
Chuck
2010-01-28 22:25:41