Just to note that __FILE__ is not tainted in Ruby 1.8.6 (although it is indeed in 1.9.1).
File.expand_path and, in a similar way, Dir.pwd are tainted.

On Sun, Apr 19, 2009 at 11:27 PM, Yukihiro Matsumoto <matz / ruby-lang.org> wrote:

> Hi,
>
> In message "Re: [ruby-core:23256] File.expand_path tainting its return value"
>     on Sun, 19 Apr 2009 23:31:45 +0900, Tom Epperly <tepperly / gmail.com> writes:
>
> |METRICS_PATH = [ File.join(File.dirname(File.expand_path(__FILE__)),
> |'fonts') ]
> |File.expand_path taints its return, and this causes METRICS_PATH to be nil
> |and PDF::Writer to fail.
> |
> |I am not a Ruby guru, but it seems to me very unintuitive that Ruby taints
> |this result when it doesn't seem to depend on the value of any environment
> |variables. The description of the operator implies that it should only use
> |environment variables if a ~ appears in the string.
>
> It's not expand_path but __FILE__ is tainted. Ruby taints every data
> that relies on external information, that includes path to the scripts
> (__FILE__). It cannot decide the path structure can be reliable or
> not, so it takes safer side. I could untaint __FILE if I could be
> sure that any script cannot be fooled by __FILE__. I haven't been
> sure yet.
>
> matz.