Hi,

In message "Re: [ruby-core:23256] File.expand_path tainting its return value"
    on Sun, 19 Apr 2009 23:31:45 +0900, Tom Epperly <tepperly / gmail.com> writes:

|METRICS_PATH = [ File.join(File.dirname(File.expand_path(__FILE__)),
|'fonts') ]
|File.expand_path taints its return, and this causes METRICS_PATH to be nil
|and PDF::Writer to fail.
|
|I am not a Ruby guru, but it seems to me very unintuitive that Ruby taints
|this result when it doesn't seem to depend on the value of any environment
|variables. The description of the operator implies that it should only use
|environment variables if a ~ appears in the string.

It's not expand_path but __FILE__ is tainted.  Ruby taints every data
that relies on external information, that includes path to the scripts
(__FILE__).  It cannot decide the path structure can be reliable or
not, so it takes safer side.  I could untaint __FILE if I could be
sure that any script cannot be fooled by __FILE__.  I haven't been
sure yet.


							matz.