@tarcieri
Last active December 12, 2015 05:08
A SecureContext strawman
# This is Ruby right? We abuse dynamic scope for everything
SecureContext.new do
  # NO
  eval "`rm -rf /`"

  # NO
  system "rm -rf /"

  # NO
  alias_method :loleval, :eval
  loleval "`rm -rf /`"

  # NO
  passw3rdz = File.read("/etc/passwd")

  # NO
  l33t_pip3z = IO.pipe

  # NO
  Object.new.instance_eval("`rm -rf /`")

  # NO
  class HaxorShiz; end
end