https://bugs.ruby-lang.org/https://bugs.ruby-lang.org/favicon.ico?17113305112014-03-03T09:59:37ZRuby Issue Tracking SystemRuby master - Bug #9588: program name variables taintedhttps://bugs.ruby-lang.org/issues/9588?journal_id=455912014-03-03T09:59:37Zshugo (Shugo Maeda)
<ul></ul><p>Jan Rusnacko wrote:</p>
<blockquote>
<pre><code>[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0: ./tainted.rb, tainted? false
__FILE__: ./tainted.rb, tainted? true
$PROGRAM_NAME: ./tainted.rb, tainted? false
</code></pre>
</blockquote>
<p>I guess it's a regression introduced in r20656.<br>
Or did you mean not to taint $0, Yugui?</p> Ruby master - Bug #9588: program name variables taintedhttps://bugs.ruby-lang.org/issues/9588?journal_id=455922014-03-03T10:59:30Zshyouhei (Shyouhei Urabe)shyouhei@ruby-lang.org
<ul></ul><p>My expectation to tainted.rb output is what 1.8.7 outputs. This seems like a regression to me.</p> Ruby master - Bug #9588: program name variables taintedhttps://bugs.ruby-lang.org/issues/9588?journal_id=793172019-07-12T02:01:23Zjeremyevans0 (Jeremy Evans)merch-redmine@jeremyevans.net
<ul><li><strong>Backport</strong> deleted (<del><i>1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN</i></del>)</li></ul><p>It looks like <code>$0</code>, <code>__FILE__</code>, and <code>$PROGRAM_NAME</code> have been not tainted since 2.1. I'm not sure if this is still considered a bug or not.</p> Ruby master - Bug #9588: program name variables taintedhttps://bugs.ruby-lang.org/issues/9588?journal_id=813352019-09-02T05:33:07Znobu (Nobuyoshi Nakada)nobu@ruby-lang.org
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/81335/diff?detail_id=54988">diff</a>)</li></ul> Ruby master - Bug #9588: program name variables taintedhttps://bugs.ruby-lang.org/issues/9588?journal_id=813362019-09-02T05:36:16Zko1 (Koichi Sasada)
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/16131">Feature #16131</a>: Remove $SAFE, taint and trust</i> added</li></ul> Ruby master - Bug #9588: program name variables taintedhttps://bugs.ruby-lang.org/issues/9588?journal_id=820102019-10-13T17:19:09Zjeremyevans0 (Jeremy Evans)merch-redmine@jeremyevans.net
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>Closed</i></li></ul><p>As tainting will be removed from Ruby 2.7, this can be closed.</p>