Actions
Bug #9564
closedTainted string permitted in Kernel.trap in safe level 1
Description
According to the existing documentation (I am referring to Programming Ruby: The
Pragmatic Programmer's Guide at http://ruby-doc.com/docs/ProgrammingRuby/ and
The Ruby Programming Language by Flanagan, Matsumoto) Kernel.trap should not
accept a tainted string if $SAFE >= 1.
However, this is true only for $SAFE >= 2, and tainted signal string is accepted
in safe level 1:
signal = "SIGKILL".taint
Thread.start {
$SAFE = 1
no exception¶
trap(signal) { puts 'foo'}
}.join
Thread.start {
$SAFE = 2
throws SecurityError¶
trap(signal) { puts 'foo'}
}.join
Updated by usa (Usaku NAKAMURA) over 10 years ago
Since r1827 (at Nov.13,2001), trap checks intentionally whether the block is tainted or not, but never checks the first parameter (signal name).
So, I guess that it's documentations' fault.
Updated by jeremyevans0 (Jeremy Evans) over 5 years ago
- Status changed from Open to Rejected
- Backport deleted (
1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN)
Actions
Like0
Like0Like0