Bug #9588

program name variables tainted

Added by Jan Rusnacko about 1 year ago. Updated about 1 year ago.

[ruby-core:61250]
Status:Open
Priority:Normal
Assignee:-
ruby -v:1.8.7, 1.9.3, 2.0.0 Backport:1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN

Description

I have noticed inconsistency in taint flag of program name:

[jrusnack@dhcp-31-42 ruby-safe]$ cat tainted.rb
#!/usr/bin/env ruby
puts "$0: #{$0}, tainted? #{$0.tainted?}"
puts "FILE: #{FILE}, tainted? #{FILE.tainted?}"
puts "$PROGRAM_NAME: #{$PROGRAM_NAME}, tainted? #{$PROGRAM_NAME.tainted?}"

[jrusnack@dhcp-31-42 ruby-safe]$ rvm use 1.8.7
Using /home/jrusnack/.rvm/gems/ruby-1.8.7-p374

[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0: ./tainted.rb, tainted? true
FILE: ./tainted.rb, tainted? false
$PROGRAM_NAME: ./tainted.rb, tainted? true

[jrusnack@dhcp-31-42 ruby-safe]$ rvm use 1.9.3
Using /home/jrusnack/.rvm/gems/ruby-1.9.3-p484

[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0: ./tainted.rb, tainted? false
FILE: ./tainted.rb, tainted? true
$PROGRAM_NAME: ./tainted.rb, tainted? false

[jrusnack@dhcp-31-42 ruby-safe]$ rvm use 2.0.0
Using /home/jrusnack/.rvm/gems/ruby-2.0.0-p353

[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0: ./tainted.rb, tainted? false
FILE: ./tainted.rb, tainted? true
$PROGRAM_NAME: ./tainted.rb, tainted? false

History

#1 Updated by Shugo Maeda about 1 year ago

Jan Rusnacko wrote:

[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0: ./tainted.rb, tainted? false
FILE: ./tainted.rb, tainted? true
$PROGRAM_NAME: ./tainted.rb, tainted? false

I guess it's a regression introduced in r20656.
Or did you mean not to taint $0, Yugui?

#2 Updated by Shyouhei Urabe about 1 year ago

My expectation to tainted.rb output is what 1.8.7 outputs. This seems like a regression to me.

Also available in: Atom PDF