Project

General

Profile

Bug #9564

Tainted string permitted in Kernel.trap in safe level 1

Added by jrusnack (Jan Rusnacko) almost 7 years ago. Updated over 1 year ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
all?
Backport:
[ruby-core:61080]

Description

According to the existing documentation (I am referring to Programming Ruby: The
Pragmatic Programmer's Guide at http://ruby-doc.com/docs/ProgrammingRuby/ and
The Ruby Programming Language by Flanagan, Matsumoto) Kernel.trap should not
accept a tainted string if $SAFE >= 1.

However, this is true only for $SAFE >= 2, and tainted signal string is accepted
in safe level 1:

signal = "SIGKILL".taint

Thread.start {
$SAFE = 1
# no exception
trap(signal) { puts 'foo'}
}.join

Thread.start {
$SAFE = 2
# throws SecurityError
trap(signal) { puts 'foo'}
}.join

Updated by usa (Usaku NAKAMURA) almost 7 years ago

Since r1827 (at Nov.13,2001), trap checks intentionally whether the block is tainted or not, but never checks the first parameter (signal name).
So, I guess that it's documentations' fault.

#2

Updated by jeremyevans0 (Jeremy Evans) over 1 year ago

  • Backport deleted (1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN)
  • Status changed from Open to Rejected

Also available in: Atom PDF