--- ruby-1.8.1/eval.c.cve-2006-3694-3 2006-07-27 21:35:11.767210927 -0600
+++ ruby-1.8.1/eval.c 2006-07-27 21:40:30.087912382 -0600
@@ -1930,7 +1930,8 @@ rb_alias(klass, name, def)
 rb_clear_cache_by_id(name);
 st_insert(RCLASS(klass)->m_tbl, name,
- (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin), orig->nd_noex));
+ (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin),
+ NOEX_WITH_SAFE(orig->nd_noex)));
 if (singleton) {
 rb_funcall(singleton, singleton_added, 1, ID2SYM(name));
 }
@@ -5022,6 +5023,11 @@ rb_call0(klass, recv, id, oid, argc, arg
 TMP_PROTECT;
 volatile int safe = -1;
+ if (NOEX_SAFE(flags) > ruby_safe_level &&
+ !(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
+ rb_raise(rb_eSecurityError, "calling insecure method: %s",
+ rb_id2name(id));
+ }
 switch (ruby_iter->iter) {
 case ITER_PRE:
 itr = ITER_CUR;
@@ -5122,10 +5128,6 @@ rb_call0(klass, recv, id, oid, argc, arg
 b2 = body = body->nd_next;
 if (NOEX_SAFE(flags) > ruby_safe_level) {
- if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
- rb_raise(rb_eSecurityError, "calling insecure method: %s",
- rb_id2name(id));
- }
 safe = ruby_safe_level;
 ruby_safe_level = NOEX_SAFE(flags);
 }
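Review bot: Nothing at the `st_insert` call in rb_alias records why the alias entry now stores `NOEX_WITH_SAFE(orig->nd_noex)` instead of the bare flags, so a later cleanup could drop the wrapper without noticing it is the security fix. A one-line comment above the call would cover it, e.g. `/* keep the safe level in effect at alias time so rb_call0 can enforce it */`. NOEX_WITH_SAFE is defined outside this hunk; if it ORs the current level into the flag word, it is worth confirming the result when `orig->nd_noex` already carries a level, since two levels would then combine bitwise rather than as a maximum. rb_alias begins and ends outside the hunk.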
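Review bot: The first clause of the new guard at the top of rb_call0 is redundant, because `ruby_safe_level == 0` together with `NOEX_SAFE(flags) > 2` already implies `NOEX_SAFE(flags) > ruby_safe_level`; the test can read `if (ruby_safe_level == 0 && NOEX_SAFE(flags) > 2 && !(flags&NOEX_TAINTED)) {`. The check was hoisted from the block removed at -5122, presumably so that it runs on every path through rb_call0 rather than only in that branch, and a comment should say so, e.g. `/* checked before dispatch so no call path skips the safe-level test */`. The literal `2` is a safe-level threshold and would read better as a named constant. rb_call0 continues outside the hunk.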