Process.uid= validation and casting
Ruby 2.2.x and 2.3.x
It seems that Ruby added the ability to use a string for Process.uid, which is nice. But, it has introduced inconsistency with regards to enforcement:
> Process.uid = 'bogus' # ArgumentError: can't find user for bogus > Process.uid = 999999 # Does not raise an error, even though the uid is invalid
Also, it seems there's some sort of casting bug for negative values:
> Process.uid = -1 # -1 > Process.uid # 0 > Process.uid = -2 # -2 > Process.uid # 4294967294
While this is almost certainly an issue with the underlying C function (somewhat concerning), I think we should validate the values passed to
Process.uid= (and similar methods) the same way we validate it for the string. Presumably a simple
getpwuid check would work.
#4 [ruby-core:80475] Updated by naruse (Yui NARUSE) 3 months ago
- Status changed from Open to Rejected
As follows, it looks because BSD id(1) handles the uid argument as 32bit integer.
(Note that GNU coreutils' id(1) doesn't allow negative argument)
% id -un -- -4294967296 root
Therefore this behavior is considered as unexpected behavior and Ruby shouldn't follow it.