Just to note that __FILE__ is not tainted in ruby 1.8.6 (although it is
indeed in 1.9.1). File.expand_path and, in a similar way, Dir.pwd are
tainted.

On Sun, Apr 19, 2009 at 11:27 PM, Yukihiro Matsumoto <matz / ruby-lang.org> wrote:

> Hi,
>
> In message "Re: [ruby-core:23256] File.expand_path tainting its return
> value"
>     on Sun, 19 Apr 2009 23:31:45 +0900, Tom Epperly <tepperly / gmail.com>
> writes:
>
> |METRICS_PATH = [ File.join(File.dirname(File.expand_path(__FILE__)),
> |'fonts') ]
> |File.expand_path taints its return, and this causes METRICS_PATH to be nil
> |and PDF::Writer to fail.
> |
> |I am not a Ruby guru, but it seems to me very unintuitive that Ruby taints
> |this result when it doesn't seem to depend on the value of any environment
> |variables. The description of the operator implies that it should only use
> |environment variables if a ~ appears in the string.
>
> It's not expand_path but __FILE__ is tainted.  Ruby taints every data
> that relies on external information, that includes path to the scripts
> (__FILE__).  It cannot decide the path structure can be reliable or
> not, so it takes safer side.  I could untaint __FILE__ if I could be
> sure that any script cannot be fooled by __FILE__.  I haven't been
> sure yet.
>
>
>                                                        matz.
>
>
