Project

General

Profile

Bug #5374

Weird SecurityError with ruby1.9, File.stat/Dir.glob and $SAFE=1

Added by 375gnu (Hleb Valoshka) almost 9 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Target version:
ruby -v:
ruby 1.9.2p180 (2011-02-18) [i386-mingw32]
Backport:
[ruby-core:39745]

Description

Preface.

I've tried to find workaroud for one GetText-Ruby bug with untainted data from Dir.glob (http://rubyforge.org//tracker/?func=detail&atid=3377&aid=28336&group_id=855).

Here it is (full text is in gettext-test.rb):

module GetText
class MOFile
alias :oldload :load
def load(arg)
arg = arg.dup.untaint if arg.kind_of? String
oldload(arg)
end
end
end

It works fine with ruby 1.8, but with 1.9 with debug enabled there is a
message about exception SecurityError:

Exception `SecurityError' at /usr/lib/ruby/1.9.1/gettext/runtime/mofile.rb:75 - Insecure operation - stat

The corresponding code is
74 begin
75 st = File.stat(arg)
76 @last_modified = [st.ctime, st.mtime]
77 rescue Exception
78 end

I've put line
warn "$SAFE == #{$SAFE}; arg.tainted? == #{arg.tainted?}"
before it, and it says:

$SAFE == 1; arg.tainted? == false

So why the exception is if arg is NOT tainted? Note: it was discovered on Debian
GNU/Linux box with 1.9.3preview1. Full log is in gettext-debian.log

Going further.

I've made very simple test program which mimics GetTExt-Ruby and workaround for
it, see test.rb in attachment.

This program was tested on Win32 box with 1.9.2-p180 and -p290.

Been run as "ruby -T1 test.rb u" output was clean. But been run as "ruby -T1
test.rb t" or "ruby -T1 test.rb t" is had an exception on files test1234.txt
and test12345.txt (see full test.log in attachment). 't' means "send tainted
object to function", 'u' means "send untainted", 'b' means "send tainted, then
untainted". But on Debian box it outputs NO error.

At last, I have run test for GetText on win box, and it failed with exception

Exception `SecurityError' at C:/fsc.tmp/gettext/runtime/locale_path.rb:90 - Insecure operation - glob

Log is in gettext-win.log

But whether Dir.glob is insecure with $SAFE==1?


Files

test.rb (891 Bytes) test.rb tests for File.stat with (un)tainted arg 375gnu (Hleb Valoshka), 09/28/2011 04:02 AM
test.log (4.77 KB) test.log output of test.rb on win32 375gnu (Hleb Valoshka), 09/28/2011 04:02 AM
gettext-test.rb (470 Bytes) gettext-test.rb test for gettext workaround 375gnu (Hleb Valoshka), 09/28/2011 04:02 AM
gettext-debian.log (1.73 KB) gettext-debian.log output of former rb on debian... 375gnu (Hleb Valoshka), 09/28/2011 04:02 AM
gettex-win.log (1.12 KB) gettex-win.log and on win32 375gnu (Hleb Valoshka), 09/28/2011 04:02 AM

Also available in: Atom PDF