Issue #7325 has been updated by mame (Yusuke Endoh). Status changed from Open to Assigned Assignee set to shugo (Shugo Maeda) Target version set to 2.0.0 Summarized: p Integer.tainted? #=> false Marshal.load(Marshal.dump(Integer).taint) p Integer.tainted? #=> expected: false, actual: true Indeed, it looks weird. Shugo-san, what do you think? -- Yusuke Endoh <mame / tsg.ne.jp> ---------------------------------------- Bug #7325: Marshal#load taints classes if they are referenced in a marsheled object https://bugs.ruby-lang.org/issues/7325#change-33844 Author: urielka (Uriel Katz) Status: Assigned Priority: Normal Assignee: shugo (Shugo Maeda) Category: Target version: 2.0.0 ruby -v: ruby 1.9.3p327 (2012-11-10 revision 37606) [x86_64-linux] =begin = Reproducing steps: ruby taint.rb = Output of this script in my computer running 1.9.3-p327: Before marshal is tainted?: false After marshal is tainted?: true Safe level when calling tainted method using call: 4 Safe level when calling tainted method directly: 0 = Expected: MyObject#test shouldn't be tainted as it was defined in my own source and what was saved into the file is just a reference to MyObject class ("\u0004\bc\rMyObject") = Actual: MyObject#test is tainted and calling it using Method#call will make it run in safe-level 4. = Some background on how I got to this issue: I wrote some RPC code that accepts a class and method name and does the invocation,the way I call the method is getting the method from the instance using something like: "cls_instance.method(method_name).call" I used Rails.cache with FileStore (which uses Marshal#load from file) to cache a object that had references to classes. After reading from the cache all other requests saw the classes as tainted and when calling the methods they ran at $SAFE=4 which caused it to fail (even puts doesn't work at that level :) This issue also made me understand that there is 2 potential bugs in Rails. =end -- http://bugs.ruby-lang.org/