Issue #15417 has been reported by ioquatix (Samuel Williams).

----------------------------------------
Bug #15417: Pathname case insensitive comparison
https://bugs.ruby-lang.org/issues/15417

* Author: ioquatix (Samuel Williams)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: 
* Backport: 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
While fixing some issues with Pathname, I noticed the following comparison:

```
  SAME_PATHS = if File::FNM_SYSCASE.nonzero?
    # Avoid #zero? here because #casecmp can return nil.
    proc {|a, b| a.casecmp(b) == 0}
  else
    proc {|a, b| a == b}
  end
```

Firstly, this seems wrong to me because case sensitivity is per-mount not a global state for the entire system.

Secondly, it concerns me because sometimes this becomes security bug, e.g. path may or may not be the same, and could slip through some sanity check (e.g. git could checkout files to `.git` directory with case insensitive file system).

Unless string match exactly, we should leave it to file system to determine if the path is equivalent or not (e.g. in the case of `Pathname#relative_path_from`). Trying to be too clever might cause future pain.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>