On Thu, May 15, 2014 at 7:45 AM,  <akr / fsij.org> wrote:
> Issue #9842 has been reported by Akira Tanaka.
>
> ----------------------------------------
> Feature #9842: system configuration variables (sysconf(), confstr(), pathconf() and fpathconf())
> https://bugs.ruby-lang.org/issues/9842
>
> * Author: Akira Tanaka
> * Status: Open
> * Priority: Normal
> * Assignee:
> * Category:
> * Target version:
> ----------------------------------------
> How about providing methods to obtain system configuration variables?
>
> POSIX defines sysconf(), confstr(), pathconf() and fpathconf().
> I implemented following methods in ext/etc.
>
> * Etc.sysconf(name)
> * Etc.confstr(name)
> * IO.pathconf(name)
> * IO#pathconf(name)
>
> POSIX defines some names.
> Various operating sysmtems define additional names.
>
> They can be used as follows:
>
> ```
> Etc.sysconf(Etc::SC_ARG_MAX) #=> 2097152
> Etc.sysconf(Etc::SC_NPROCESSORS_ONLN) #=> 4
> Etc.confstr(Etc::CS_PATH) #=> "/bin:/usr/bin"
> Etc.confstr(Etc::CS_GNU_LIBC_VERSION) #=> "glibc 2.18"
> IO.pathconf("/", Etc::PC_NAME_MAX) #=> 255

Please drop this. This is broken by design. If an attacker create a
symlink which point
to FAT file system on the same place, IO.patchconf(PC_NAME_MAX) may return very
small size and might lead to security issue.

http://womble.decadent.org.uk/readdir_r-advisory.html


Or, at least, we need loooong document why you need much care about IO.pathconf.


> open("/") {|f| p f.pathconf(Etc::PC_TIMESTAMP_RESOLUTION) } #=> 1
> ```
>
> I implemented them in ext/etc because I interpreted "etc" as
> system configuration.
>
> Any idea?
>
>
> ---Files--------------------------------
> sysconf-confstr-pathconf.patch (13 KB)
>
>
> --
> https://bugs.ruby-lang.org/