add safe_leve, default_safe_level ([druby-ja:120])

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7966 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

5 files changed, 65 insertions, 9 deletions

diff --git a/ChangeLog b/ChangeLog
index 715b875987..2ef4956a10 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Mon Feb 14 00:10:17 2005  Masatoshi SEKI  <m_seki@mva.biglobe.ne.jp>
+
+	* lib/drb/drb.rb (DRbServer): add default_safe_level, safe_level,
+	  config[:safe_level] ([druby-ja:120])
+
+	* test/drb/test_drb.rb, ut_eval.rb, ut_safe1.rb: ditto.
+
 Sun Feb 13 23:13:46 2005  Kouhei Sutou  <kou@cozmixng.org>
 
 	* lib/rss/dublincore.rb (RSS::DublicCoreModel#date{,=}): added
diff --git a/lib/drb/drb.rb b/lib/drb/drb.rb
index 6651b0a788..5b1fa0d218 100644
--- a/lib/drb/drb.rb
+++ b/lib/drb/drb.rb
@@ -1186,6 +1186,7 @@ module DRb
     @@argc_limit = 256
     @@load_limit = 256 * 102400
     @@verbose = false
+    @@safe_level = 0
 
     # Set the default value for the :argc_limit option.
     #
@@ -1215,6 +1216,10 @@ module DRb
       @@idconv = idconv
     end
 
+    def self.default_sefe_level(level)
+      @@level = level
+    end
+
     # Set the default value of the :verbose option.
     #
     # See #new().  The initial default value is false.
@@ -1233,7 +1238,8 @@ module DRb
 	:verbose => @@verbose,
 	:tcp_acl => @@acl,
 	:load_limit => @@load_limit,
-	:argc_limit => @@argc_limit
+	:argc_limit => @@argc_limit,
+        :safe_level => @@safe_level
       }
       default_config.update(hash)
     end
@@ -1298,6 +1304,7 @@ module DRb
 
       @front = front
       @idconv = @config[:idconv]
+      @safe_level = @config[:safe_level]
 
       @grp = ThreadGroup.new
       @thread = run
@@ -1326,6 +1333,8 @@ module DRb
     # The configuration of this DRbServer
     attr_reader :config
 
+    attr_reader :safe_level
+
     # Set whether to operate in verbose mode.
     #
     # In verbose mode, failed calls are logged to stdout.
@@ -1395,7 +1404,7 @@ module DRb
     #
     # These methods are not callable via dRuby.
     INSECURE_METHOD = [
-      :__send__, :instance_eval, :module_eval, :class_eval
+      :__send__
     ]
 
     # Has a method been included in the list of insecure methods?
@@ -1440,6 +1449,7 @@ module DRb
     class InvokeMethod  # :nodoc:
       def initialize(drb_server, client)
 	@drb_server = drb_server
+        @safe_level = drb_server.safe_level
 	@client = client
       end
 
@@ -1447,10 +1457,28 @@ module DRb
 	@result = nil
 	@succ = false
 	setup_message
-        if @block
-          @result = perform_with_block
+
+        if $SAFE < @safe_level
+          info = Thread.current['DRb']
+          if @block
+            @result = Thread.new { 
+              Thread.current['DRb'] = info
+              $SAFE = @safe_level
+              perform_with_block
+            }.value
+          else
+            @result = Thread.new { 
+              Thread.current['DRb'] = info
+              $SAFE = @safe_level
+              perform_without_block
+            }.value
+          end
         else
-          @result = perform_without_block
+          if @block
+            @result = perform_with_block
+          else
+            @result = perform_without_block
+          end
         end
 	@succ = true
 	if @msg_id == :to_ary
diff --git a/test/drb/test_drb.rb b/test/drb/test_drb.rb
index d86bce883a..a6b83d201c 100644
--- a/test/drb/test_drb.rb
+++ b/test/drb/test_drb.rb
@@ -209,7 +209,7 @@ class TestDRbEval < Test::Unit::TestCase
     @ext.stop_service if @ext
   end
   
-  def test_01_safe1_eval
+  def test_01_safe1_safe4_eval
     assert_raises(SecurityError) do
       @there.method_missing(:instance_eval, 'ENV.inspect')
     end
@@ -227,6 +227,19 @@ class TestDRbEval < Test::Unit::TestCase
     assert_raises(SecurityError) do
       remote_class.module_eval('ENV.inspect')
     end
+
+    four = @there.four
+    assert_equal(1, four.method_missing(:send, :eval, '1'))
+    
+    remote_class = four.remote_class
+
+    assert_raises(SecurityError) do
+      remote_class.class_eval('ENV.inspect')
+    end
+
+    assert_raises(SecurityError) do
+      remote_class.module_eval('ENV.inspect')
+    end
   end
 end
 
diff --git a/test/drb/ut_eval.rb b/test/drb/ut_eval.rb
index 6a81e17d05..4df963e7cd 100644
--- a/test/drb/ut_eval.rb
+++ b/test/drb/ut_eval.rb
@@ -2,6 +2,14 @@ require 'drb/drb'
 require 'drb/extserv'
 
 class EvalAttack
+  def initialize
+    @four = DRb::DRbServer.new('druby://localhost:0', self, {:safe_level => 4})
+  end
+
+  def four
+    DRbObject.new_with_uri(@four.uri)
+  end
+
   def remote_class
     DRbObject.new(self.class)
   end
@@ -17,7 +25,7 @@ if __FILE__ == $0
 
   $SAFE = 1
 
-  DRb.start_service('druby://localhost:0', EvalAttack.new)
+  DRb.start_service('druby://localhost:0', EvalAttack.new, {:safe_level => 2})
   es = DRb::ExtServ.new(ARGV.shift, ARGV.shift)
   DRb.thread.join
 end
diff --git a/test/drb/ut_safe1.rb b/test/drb/ut_safe1.rb
index 761bdff4b1..3ff8b4d66f 100644
--- a/test/drb/ut_safe1.rb
+++ b/test/drb/ut_safe1.rb
@@ -9,8 +9,8 @@ if __FILE__ == $0
   end
 
   $SAFE = 1
-
-  DRb.start_service('druby://localhost:0', [1, 2, 'III', 4, "five", 6])
+  DRb.start_service('druby://localhost:0', [1, 2, 'III', 4, "five", 6], 
+                    {:safe_level => 1})
   es = DRb::ExtServ.new(ARGV.shift, ARGV.shift)
   DRb.thread.join
 end