Project

General

Profile

Actions

Bug #9564

closed

Tainted string permitted in Kernel.trap in safe level 1

Added by jrusnack (Jan Rusnacko) over 10 years ago. Updated over 5 years ago.

Status:
Rejected
Assignee:
-
Target version:
-
ruby -v:
all?
Backport:
[ruby-core:61080]

Description

According to the existing documentation (I am referring to Programming Ruby: The
Pragmatic Programmer's Guide at http://ruby-doc.com/docs/ProgrammingRuby/ and
The Ruby Programming Language by Flanagan, Matsumoto) Kernel.trap should not
accept a tainted string if $SAFE >= 1.

However, this is true only for $SAFE >= 2, and tainted signal string is accepted
in safe level 1:

signal = "SIGKILL".taint

Thread.start {
$SAFE = 1

no exception

trap(signal) { puts 'foo'}
}.join

Thread.start {
$SAFE = 2

throws SecurityError

trap(signal) { puts 'foo'}
}.join

Updated by usa (Usaku NAKAMURA) over 10 years ago

Since r1827 (at Nov.13,2001), trap checks intentionally whether the block is tainted or not, but never checks the first parameter (signal name).
So, I guess that it's documentations' fault.

Actions #2

Updated by jeremyevans0 (Jeremy Evans) over 5 years ago

  • Status changed from Open to Rejected
  • Backport deleted (1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN)
Actions

Also available in: Atom PDF

Like0
Like0Like0