[ruby-core:87721] [Ruby trunk Bug#14060] SecurityError with $SAFE=1 when requiring an untainted path
From: usa@...
Date: 2018-06-30 13:06:39 UTC
List: ruby-core #87721
Issue #14060 has been updated by usa (Usaku NAKAMURA).
Backport changed from 2.3: DONTNEED, 2.4: REQUIRED to 2.3: DONTNEED, 2.4: DONE
ruby_2_4 r63807 merged revision(s) 60596,60599.
----------------------------------------
Bug #14060: SecurityError with $SAFE=1 when requiring an untainted path
https://bugs.ruby-lang.org/issues/14060#change-72741
* Author: philr3 (Phil Ross)
* Status: Closed
* Priority: Normal
* Assignee: nobu (Nobuyoshi Nakada)
* Target version:
* ruby -v: ruby 2.5.0preview1 (2017-10-10 trunk 60153) [x86_64-linux]
* Backport: 2.3: DONTNEED, 2.4: DONE
----------------------------------------
Calling `Kernel#require` with `$SAFE=1` on Ruby 2.5.0preview1 results in a `SecurityError` when the path being required is not tainted:
~~~ ruby
irb(main):001:0> RUBY_DESCRIPTION
=> "ruby 2.5.0preview1 (2017-10-10 trunk 60153) [x86_64-linux]"
irb(main):002:0> $SAFE=1
=> 1
irb(main):003:0> f='fileutils'
=> "fileutils"
irb(main):004:0> f.tainted?
=> false
irb(main):005:0> require f
SecurityError: Insecure operation - gem_original_require
from /home/philr/.rbenv/versions/2.5.0-preview1/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
from /home/philr/.rbenv/versions/2.5.0-preview1/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
from (irb):5
from /home/philr/.rbenv/versions/2.5.0-preview1/bin/irb:11:in `<main>'
irb(main):006:0> $:.find_all {|p| p.tainted? }
=> []
~~~
I would expect the `SecurityError` to be raised only when the path being required is tainted. For example, on Ruby 2.4.2:
~~~ ruby
irb(main):001:0> RUBY_DESCRIPTION
=> "ruby 2.4.2p198 (2017-09-14 revision 59899) [x86_64-linux]"
irb(main):002:0> $SAFE=1
=> 1
irb(main):003:0> f='fileutils'
=> "fileutils"
irb(main):004:0> f.tainted?
=> false
irb(main):005:0> require f
=> true
irb(main):006:0> tainted_f = 'fileutils'.taint
=> "fileutils"
irb(main):007:0> tainted_f.tainted?
=> true
irb(main):008:0> require tainted_f
SecurityError: Insecure operation - gem_original_require
from /home/philr/.rbenv/versions/2.4.2/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /home/philr/.rbenv/versions/2.4.2/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from (irb):8
from /home/philr/.rbenv/versions/2.4.2/bin/irb:11:in `<main>'
~~~