Couldn’t understand how the command line option below is used in practice.
-T[level=1]
I tried this code:
#commandoptionstest.rb
puts "hello world"
with various SAFE levels:
Output is OK
@ubuntu:~/script$ ruby -x commandoptionstest.rb
# => hello world
Why the error? What do I need to do in commandoptionstest.rb to allow -x with -T?
@ubuntu:~/script$ ruby -x -T commandoptionstest.rb
# => ruby: no -x allowed in tainted mode (SecurityError)
Output is coming
@ubuntu:~/script$ ruby -T commandoptionstest.rb
# => hello world
Output is coming
@ubuntu:~/script$ ruby -T1 commandoptionstest.rb
# => hello world
Output is coming
@ubuntu:~/script$ ruby -T2 commandoptionstest.rb
# => hello world
Output is coming
@ubuntu:~/script$ ruby -T3 commandoptionstest.rb
# => hello world
Again why the error?
@ubuntu:~/script$ ruby -T4 commandoptionstest.rb
# => commandoptionstest.rb:15:in `write': Insecure operation `write' at level 4 (SecurityError)
# from commandoptionstest.rb:15:in `puts'
# from commandoptionstest.rb:15:in `puts'
# from commandoptionstest.rb:15:in `<main>'
With the help of the above code, could you please explain why the SAFE levels 1, 2, 3 are printing "hello world", while SAFE level 4 not? To allow the write operations at SAFE level 4, what should be done here?
It sets the $SAFE level. This dictates how inputs are handled, along with a great number of other things regarding environment variables, I/O, threads, exceptions, interpreter command line args, etc.
http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html
IMO the docs are a good place to start. If you have a question about a specific behavior, ask.
To address your comment and your edits:
Yes, I can, but the docs can too, and likely better.
Why does -x not work? Because the docs say it won’t:
[~]$ ruby --help
Usage: ruby [switches] [--] [programfile] [arguments]
# elided
-T[level=1] turn on tainting checks
So the default level if -T is specified with no number is 1, which means $SAFE >= 1, which means exactly what the docs say: -x is not allowed.
Why doesn’t puts work? Difficult to say since you don’t actually provide the code you’re executing, but most likely, again, as the docs say:
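As an added example (not from the question or the answer above), this is the confinement pattern the linked taint chapter describes for the level-4 case: run the restricted work in its own thread with $SAFE raised, and do all writing from the unrestricted main thread, since level 4 forbids `write` itself. It assumes a Ruby of the era shown in the question (1.9/2.0), where $SAFE is thread-local and level 4 exists; Ruby 2.1 to 2.5 reject level 4 with an ArgumentError, and Ruby 3.x treats $SAFE as an ordinary global so nothing is restricted.

```ruby
# Added example: confine work to a thread at a raised $SAFE level and keep
# output in the caller, which still runs at $SAFE == 0.
# Assumption: a Ruby older than 2.6, where $SAFE is per thread and raising it
# inside the worker does not affect the caller.

# Returns [value, nil] if the block completed, or [nil, exception] if a
# SecurityError (the restriction firing) or any other error escaped it.
def run_confined(level)
  worker = Thread.new do
    $SAFE = level   # only this thread is restricted (pre-2.6 semantics)
    yield
  end
  # Stop the thread from echoing its own exception to stderr (Ruby >= 2.4).
  worker.report_on_exception = false if worker.respond_to?(:report_on_exception=)
  [worker.value, nil]
rescue SecurityError, StandardError => e
  # SecurityError is not a StandardError, so it has to be listed explicitly.
  [nil, e]
end

# Computing a value at level 4 is fine; the page's error only occurs when the
# restricted code tries to write, so output is done here at level 0 instead.
value, err = run_confined(4) { "hello world".upcase }
puts value if value
puts "blocked: #{err.class}: #{err.message}" if err

# Writing from inside the restricted thread is what fails on a $SAFE-aware
# interpreter (Insecure operation `write' at level 4).
_, err = run_confined(4) { puts "hello world" }
puts "write inside the confined thread: #{err.class}" if err
```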