Hi,

just a question about the taint mechanism:


I am writing a Ruby script running under libapache-ruby, with
$SAFE > 0 (2 I guess).

I have a construct like

  $stderr.puts "Tainted #{param.tainted?}"
  case param
    # Address range
    when /^([\da-f\.:]+)\s*-\s*([\da-f\.:]+)$/i
      v,b=$1,$2
      $stderr.puts "Tainted #{param.tainted?} #{v.tainted?} #{b.tainted?}"
  end

where param is untainted. This piece of code outputs

Tainted false
Tainted false true true

So although the value of param is untainted, the result of the regular
expression ($1 and $2) is tainted. 

Is that intentional?

regards
Hadmut