Issue #12410 has been reported by Daniel Berger.

----------------------------------------
Bug #12410: Process.uid= validation and casting
https://bugs.ruby-lang.org/issues/12410

* Author: Daniel Berger
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: 
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
OSX 10.11.4
Ruby 2.2.x and 2.3.x

It seems that Ruby added the ability to use a string for Process.uid, which is nice. But, it has introduced inconsistency with regards to enforcement:

    > Process.uid = 'bogus' # ArgumentError: can't find user for bogus
    > Process.uid = 999999  # Does not raise an error, even though the uid is invalid

Also, it seems there's some sort of casting bug for negative values:

    > Process.uid = -1 # -1
    > Process.uid      # 0
    > Process.uid = -2 # -2
    > Process.uid      # 4294967294

While this is almost certainly an issue with the underlying C function (somewhat concerning), I think we should validate the values passed to `Process.uid=` (and similar methods) the same way we validate it for the string. Presumably a simple `getpwuid` check would work.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>