Project

General

Profile

Actions
Copy link

Bug #9588

closed

program name variables tainted

Bug #9588: program name variables tainted

Added by jrusnack (Jan Rusnacko) over 11 years ago. Updated about 6 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
1.8.7, 1.9.3, 2.0.0
Backport:
[ruby-core:61250]

Description

I have noticed inconsistency in taint flag of program name:

[jrusnack@dhcp-31-42 ruby-safe]$ cat tainted.rb
#!/usr/bin/env ruby
puts "$0:            #{$0}, tainted? #{$0.tainted?}"
puts "__FILE__:      #{__FILE__}, tainted? #{__FILE__.tainted?}"
puts "$PROGRAM_NAME: #{$PROGRAM_NAME}, tainted? #{$PROGRAM_NAME.tainted?}"

[jrusnack@dhcp-31-42 ruby-safe]$ rvm use 1.8.7
Using /home/jrusnack/.rvm/gems/ruby-1.8.7-p374

[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0:            ./tainted.rb, tainted? true
__FILE__:      ./tainted.rb, tainted? false
$PROGRAM_NAME: ./tainted.rb, tainted? true

[jrusnack@dhcp-31-42 ruby-safe]$ rvm use 1.9.3
Using /home/jrusnack/.rvm/gems/ruby-1.9.3-p484

[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0:            ./tainted.rb, tainted? false
__FILE__:      ./tainted.rb, tainted? true
$PROGRAM_NAME: ./tainted.rb, tainted? false

[jrusnack@dhcp-31-42 ruby-safe]$ rvm use 2.0.0
Using /home/jrusnack/.rvm/gems/ruby-2.0.0-p353

[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0:            ./tainted.rb, tainted? false
__FILE__:      ./tainted.rb, tainted? true
$PROGRAM_NAME: ./tainted.rb, tainted? false

Related issues 1 (0 open1 closed)

Related to Ruby - Feature #16131: Remove $SAFE, taint and trustClosedActions

Updated by shugo (Shugo Maeda) over 11 years ago Actions
Copy link
 #1 [ruby-core:61251]

Jan Rusnacko wrote:

[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0:            ./tainted.rb, tainted? false
__FILE__:      ./tainted.rb, tainted? true
$PROGRAM_NAME: ./tainted.rb, tainted? false

I guess it's a regression introduced in r20656.
Or did you mean not to taint $0, Yugui?

Updated by shyouhei (Shyouhei Urabe) over 11 years ago Actions
Copy link
 #2 [ruby-core:61252]

My expectation to tainted.rb output is what 1.8.7 outputs. This seems like a regression to me.

Updated by jeremyevans0 (Jeremy Evans) over 6 years ago Actions
Copy link
 #3 [ruby-core:93699]

  • Backport deleted (1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN)

It looks like $0, __FILE__, and $PROGRAM_NAME have been not tainted since 2.1. I'm not sure if this is still considered a bug or not.

Updated by nobu (Nobuyoshi Nakada) about 6 years ago Actions
Copy link
 #4

  • Description updated (diff)

Updated by ko1 (Koichi Sasada) about 6 years ago Actions
Copy link
 #5

Updated by jeremyevans0 (Jeremy Evans) about 6 years ago Actions
Copy link
 #6 [ruby-core:95314]

  • Status changed from Open to Closed

As tainting will be removed from Ruby 2.7, this can be closed.

Actions
Copy link

Also available in: PDF Atom