* safe.c (rb_set_safe_level, safe_setter): raise an ArgumentError

  when $SAFE is set to 4.  $SAFE=4 is now obsolete.
  [ruby-core:55222] [Feature #8468]

* object.c (rb_obj_untrusted, rb_obj_untrust, rb_obj_trust):
  Kernel#untrusted?, untrust, and trust are now deprecated.
  Their behavior is same as tainted?, taint, and untaint,
  respectively.

* include/ruby/ruby.h (OBJ_UNTRUSTED, OBJ_UNTRUST): OBJ_UNTRUSTED()
  and OBJ_UNTRUST() are aliases of OBJ_TAINTED() and OBJ_TAINT(),
  respectively.

* array.c, class.c, debug.c, dir.c, encoding.c, error.c, eval.c,
  ext/curses/curses.c, ext/dbm/dbm.c, ext/dl/cfunc.c,
  ext/dl/cptr.c, ext/dl/dl.c, ext/etc/etc.c, ext/fiddle/fiddle.c,
  ext/fiddle/pointer.c, ext/gdbm/gdbm.c, ext/readline/readline.c,
  ext/sdbm/init.c, ext/socket/ancdata.c, ext/socket/basicsocket.c,
  ext/socket/socket.c, ext/socket/udpsocket.c,
  ext/stringio/stringio.c, ext/syslog/syslog.c, ext/tk/tcltklib.c,
  ext/win32ole/win32ole.c, file.c, gc.c, hash.c, io.c, iseq.c,
  load.c, marshal.c, object.c, proc.c, process.c, random.c, re.c,
  safe.c, string.c, thread.c, transcode.c, variable.c,
  vm_insnhelper.c, vm_method.c, vm_trace.c: remove code for
  $SAFE=4.

* test/dl/test_dl2.rb, test/erb/test_erb.rb,
  test/readline/test_readline.rb,
  test/readline/test_readline_history.rb, test/ruby/test_alias.rb,
  test/ruby/test_array.rb, test/ruby/test_dir.rb,
  test/ruby/test_encoding.rb, test/ruby/test_env.rb,
  test/ruby/test_eval.rb, test/ruby/test_exception.rb,
  test/ruby/test_file_exhaustive.rb, test/ruby/test_hash.rb,
  test/ruby/test_io.rb, test/ruby/test_method.rb,
  test/ruby/test_module.rb, test/ruby/test_object.rb,
  test/ruby/test_pack.rb, test/ruby/test_rand.rb,
  test/ruby/test_regexp.rb, test/ruby/test_settracefunc.rb,
  test/ruby/test_struct.rb, test/ruby/test_thread.rb,
  test/ruby/test_time.rb: remove tests for $SAFE=4.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41259 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 12 insertions, 41 deletions

diff --git a/object.c b/object.c
index c1a52bdbf8..683c893c82 100644
--- a/object.c
+++ b/object.c
@@ -72,7 +72,7 @@ rb_obj_setup(VALUE obj, VALUE klass, VALUE type)
 {
     RBASIC(obj)->flags = type;
     RBASIC_SET_CLASS(obj, klass);
-    if (rb_safe_level() >= 3) FL_SET((obj), FL_TAINT | FL_UNTRUSTED);
+    if (rb_safe_level() >= 3) FL_SET((obj), FL_TAINT);
     return obj;
 }
 
@@ -259,7 +259,7 @@ init_copy(VALUE dest, VALUE obj)
         rb_raise(rb_eTypeError, "[bug] frozen object (%s) allocated", rb_obj_classname(dest));
     }
     RBASIC(dest)->flags &= ~(T_MASK|FL_EXIVAR);
-    RBASIC(dest)->flags |= RBASIC(obj)->flags & (T_MASK|FL_EXIVAR|FL_TAINT|FL_UNTRUSTED);
+    RBASIC(dest)->flags |= RBASIC(obj)->flags & (T_MASK|FL_EXIVAR|FL_TAINT);
     rb_copy_generic_ivar(dest, obj);
     rb_gc_copy_finalizer(dest, obj);
     switch (TYPE(obj)) {
@@ -335,7 +335,7 @@ rb_obj_clone(VALUE obj)
         rb_raise(rb_eTypeError, "can't clone %s", rb_obj_classname(obj));
     }
     clone = rb_obj_alloc(rb_obj_class(obj));
-    RBASIC(clone)->flags &= (FL_TAINT|FL_UNTRUSTED);
+    RBASIC(clone)->flags &= FL_TAINT;
     RBASIC(clone)->flags |= RBASIC(obj)->flags & ~(FL_OLDGEN|FL_FREEZE|FL_FINALIZE);
 
     singleton = rb_singleton_class_clone_and_attach(obj, clone);
@@ -907,7 +907,6 @@ rb_obj_tainted(VALUE obj)
 VALUE
 rb_obj_taint(VALUE obj)
 {
-    rb_secure(4);
     if (!OBJ_TAINTED(obj)) {
 	rb_check_frozen(obj);
 	OBJ_TAINT(obj);
@@ -940,47 +939,28 @@ rb_obj_untaint(VALUE obj)
  *  call-seq:
  *     obj.untrusted?    -> true or false
  *
- *  Returns true if the object is untrusted.
- *
- *  See #untrust for more information.
+ *  Deprecated method that is equivalent to #tainted?.
  */
 
 VALUE
 rb_obj_untrusted(VALUE obj)
 {
-    if (OBJ_UNTRUSTED(obj))
-	return Qtrue;
-    return Qfalse;
+    rb_warning("untrusted? is deprecated and its behavior is same as tainted?");
+    return rb_obj_tainted(obj);
 }
 
 /*
  *  call-seq:
  *     obj.untrust -> obj
  *
- *  Mark the object as untrusted.
- *
- *  An untrusted object is not allowed to modify any trusted objects. To check
- *  whether an object is trusted, use #untrusted?
- *
- *  Any object created by untrusted code is marked as both tainted and
- *  untrusted. See #taint for more information.
- *
- *  You should only trust an untrusted object if your code has inspected it and
- *  determined that it is safe. To do so use #trust
- *
- *  In $SAFE level 3 and 4, all objects are tainted and untrusted, any use of
- *  trust or taint methods will raise a SecurityError exception.
+ *  Deprecated method that is equivalent to #taint.
  */
 
 VALUE
 rb_obj_untrust(VALUE obj)
 {
-    rb_secure(4);
-    if (!OBJ_UNTRUSTED(obj)) {
-	rb_check_frozen(obj);
-	OBJ_UNTRUST(obj);
-    }
-    return obj;
+    rb_warning("untrust is deprecated and its behavior is same as taint");
+    return rb_obj_taint(obj);
 }
 
 
@@ -988,20 +968,14 @@ rb_obj_untrust(VALUE obj)
  *  call-seq:
  *     obj.trust    -> obj
  *
- *  Removes the untrusted mark from the object.
- *
- *  See #untrust for more information.
+ *  Deprecated method that is equivalent to #untaint.
  */
 
 VALUE
 rb_obj_trust(VALUE obj)
 {
-    rb_secure(3);
-    if (OBJ_UNTRUSTED(obj)) {
-	rb_check_frozen(obj);
-	FL_UNSET(obj, FL_UNTRUSTED);
-    }
-    return obj;
+    rb_warning("trust is deprecated and its behavior is same as untaint");
+    return rb_obj_untaint(obj);
 }
 
 void
@@ -1037,9 +1011,6 @@ VALUE
 rb_obj_freeze(VALUE obj)
 {
     if (!OBJ_FROZEN(obj)) {
-	if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(obj)) {
-	    rb_raise(rb_eSecurityError, "Insecure: can't freeze object");
-	}
 	OBJ_FREEZE(obj);
 	if (SPECIAL_CONST_P(obj)) {
 	    if (!immediate_frozen_tbl) {