Feature #12410

Process.uid= validation and casting

Added by djberg96 (Daniel Berger) about 1 year ago. Updated 3 months ago.

Target version:


OSX 10.11.4
Ruby 2.2.x and 2.3.x

It seems that Ruby added the ability to use a string for Process.uid, which is nice. But, it has introduced inconsistency with regards to enforcement:

> Process.uid = 'bogus' # ArgumentError: can't find user for bogus
> Process.uid = 999999  # Does not raise an error, even though the uid is invalid

Also, it seems there's some sort of casting bug for negative values:

> Process.uid = -1 # -1
> Process.uid      # 0
> Process.uid = -2 # -2
> Process.uid      # 4294967294

While this is almost certainly an issue with the underlying C function (somewhat concerning), I think we should validate the values passed to Process.uid= (and similar methods) the same way we validate it for the string. Presumably a simple getpwuid check would work.


#1 [ruby-core:75680] Updated by djberg96 (Daniel Berger) about 1 year ago

  • ruby -v set to ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin15]

#2 [ruby-core:80469] Updated by mirakui (Issei Naruta) 3 months ago

Wrote a patch for this ticket:
It validates the argument for Process#.uid= using getpwuid.

#3 [ruby-core:80470] Updated by sorah (Sorah Fukumori) 3 months ago

  • Tracker changed from Bug to Feature

Changing this ticket into a feature request because this request wants adding a new behavior into a existing method.

#4 [ruby-core:80475] Updated by naruse (Yui NARUSE) 3 months ago

  • Status changed from Open to Rejected

As follows, it looks because BSD id(1) handles the uid argument as 32bit integer.
(Note that GNU coreutils' id(1) doesn't allow negative argument)

% id -un -- -4294967296

Therefore this behavior is considered as unexpected behavior and Ruby shouldn't follow it.

Also available in: Atom PDF