Warn on access/modify of $SAFE, and remove effects of modifying $SAFE

This removes the security features added by $SAFE = 1, and warns for access
or modification of $SAFE from Ruby-level, as well as warning when calling
all public C functions related to $SAFE.

This modifies some internal functions that took a safe level argument
to no longer take the argument.

rb_require_safe now warns, rb_require_string has been added as a
version that takes a VALUE and does not warn.

One public C function that still takes a safe level argument and that
this doesn't warn for is rb_eval_cmd.  We may want to consider
adding an alternative method that does not take a safe level argument,
and warn for rb_eval_cmd.

1 files changed, 0 insertions, 12 deletions

diff --git a/test/ruby/test_file.rb b/test/ruby/test_file.rb
index f984a8fd23..5599040e1e 100644
--- a/test/ruby/test_file.rb
+++ b/test/ruby/test_file.rb
@@ -471,18 +471,6 @@ class TestFile < Test::Unit::TestCase
     end
   end
 
-  def test_untainted_path
-    bug5374 = '[ruby-core:39745]'
-    cwd = ("./"*40+".".taint).dup.untaint
-    in_safe = proc {|safe| $SAFE = safe; File.stat(cwd)}
-    assert_not_send([cwd, :tainted?])
-    (0..1).each do |level|
-      assert_nothing_raised(SecurityError, bug5374) {in_safe[level]}
-    end
-  ensure
-    $SAFE = 0
-  end
-
   if /(bcc|ms|cyg)win|mingw|emx/ =~ RUBY_PLATFORM
     def test_long_unc
       feature3399 = '[ruby-core:30623]'