Feature #2710
Kernel#load loads a relative path
| Status: | Assigned | Start date: | 02/04/2010 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  akr (Akira Tanaka) |
% Done: | 0% |
|
| Category: | core | |||
| Target version: | 2.0.0 |
Description
It was my understanding that Kernel#require was changed to not load a relative path because of a security issue (http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/24155). Does this security issue not apply to Kernel#load, too? Have I misunderstood the expected behavior?
$ cat a.rb
puts 1
$ cat b.rb
load 'a.rb'
require 'a.rb'
$ ruby1.8.7 -v b.rb
ruby 1.8.7 (2009-12-24 patchlevel 248) [i686-darwin9.8.0]
1
1
$ ruby1.9 -v b.rb
ruby 1.9.2dev (2010-02-03 trunk 26546) [i386-darwin9.8.0]
1
b.rb:2:in `require': no such file to load -- a.rb (LoadError)
from b.rb:2:in `<main>'
$ RUBYLIB=. ruby1.9 -v b.rb
ruby 1.9.2dev (2010-02-03 trunk 26546) [i386-darwin9.8.0]
1
1
Thanks,
Brian
History
Updated by dolzenko (Evgeniy Dolzhenko) about 2 years ago
The same question here using ruby 1.9.2dev (2010-03-09 trunk 26858) [i686-linux], any update?
Updated by mame (Yusuke Endoh) about 2 years ago
- Assignee set to akr (Akira Tanaka)
Hi, akr, what do you think about this ticket? -- Yusuke Endoh <mame@tsg.ne.jp>
Updated by mame (Yusuke Endoh) about 2 years ago
- Target version changed from 1.9.2 to 2.0.0
Hi, akr said in [ruby-core:29715]: > I think Roger's idea (load() don't see the library load path) is good. Then, at least, the concern that this ticket is raising is not a bug. In addition, it is arguable (to me) whether or not the library load paths should be removed from load()'s search paths. At least, such a spec change is not acceptable for 1.9.2. Thus, I move this ticket to 1.9.x Feature tracker. -- Yusuke Endoh <mame@tsg.ne.jp>
Updated by shyouhei (Shyouhei Urabe) over 1 year ago
- Status changed from Open to Assigned