| field | value | timestamp |
|---|---|---|
| author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-02-02 01:51:37 +0000 |
| committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-02-02 01:51:37 +0000 |
| commit | 92c1538d48f79cb8d7645d29ff7ecdc51ebd30ab (patch) | |
| tree | d40aa92be7efe7e97722f891ef421ff3acb5bd56 /doc/security.rdoc | |
| parent | 5146f5abe9adaf7760728ec279e69e021a234723 (diff) | |
| download | ruby-92c1538d48f79cb8d7645d29ff7ecdc51ebd30ab.tar.gz | |
security.rdoc: update about Symbol GC [ci skip]
* doc/security.rdoc (Symbols): update about Symbol GC. Symbols
explicitly converted from Strings now can be collected, but
reflection/metaprogramming still can cause memory flooding.
[Fix GH-725]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49468 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'doc/security.rdoc')
-rw-r--r-- | doc/security.rdoc | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/doc/security.rdoc b/doc/security.rdoc index d8efca0042..ff2da46074 100644 --- a/doc/security.rdoc +++ b/doc/security.rdoc @@ -66,20 +66,16 @@ method, variable and constant names. The reason for this is that symbols are simply integers with names attached to them, so they are faster to look up in hashtables. -Once a symbol is created, the memory used by it is never freed. If you convert -user input to symbols with +to_sym+ or +intern+, it is possible for an attacker -to mount a denial of service attack against your application by flooding it -with unique strings. Because each string is kept in memory until the Ruby -process exits, this will cause memory consumption to grow and grow until Ruby -runs out of memory and crashes. - Be careful with passing user input to methods such as +send+, -+instance_variable_get+ or +_set+, +const_get+ or +_set+, etc. as these methods -will convert string parameters to symbols internally and pose the same DoS -potential as direct conversion through +to_sym+/+intern+. - -The workaround to this is simple - don't convert user input to symbols. You -should attempt to leave user input in string form instead. ++instance_variable_get+ or +_set+, +const_get+ or +_set+, etc. +as these methods will convert string parameters to immortal symbols internally. +This means that the memory used by the symbols are never freed. This could +allow a user to mount a denial of service attack against your application by +flooding it with unique strings, which will cause memory to grow indefinitely +until the Ruby process is killed or causes the system to slow to a halt. + +The workaround to this is simple - don't call reflection/metaprogramming +methods with user input. == Regular expressions |
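Review bot: In the added paragraph, "the memory used by the symbols are never freed" has a subject-verb agreement error and should read "the memory used by the symbols is never freed". The same hunk also drops the old +to_sym+/+intern+ warning without saying why: the commit message states that symbols explicitly converted from Strings can now be collected, but nothing in the new text tells a reader of the rdoc whether +to_sym+ on user input is still a DoS vector, so consider one sentence before "Be careful with passing user input to methods such as +send+" along the lines of "Symbols created with +to_sym+ or +intern+ can now be garbage collected, but symbols created internally by the reflection methods below cannot." Finally, "until the Ruby process is killed or causes the system to slow to a halt" reads awkwardly; "until the Ruby process is killed or the system grinds to a halt" says the same thing more clearly.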