2006/10/17, Hadmut Danisch <hadmut / danisch.de>:
> Hi,
>
> On Tue, Oct 17, 2006 at 12:11:55AM +0900, Nobuyoshi Nakada wrote:
> >
> > OK, it is a bug related to taint flag of shared string.
> >
> > -     str2 = rb_str_new3(rb_str_new4(str));
> > +     str2 = rb_str_new4(str);
> > +     FL_UNSET(str2, FL_TAINT);
> > +     str2 = rb_str_new3(str2);
>
>
> Many thanks.
>
> What exactly is the result of this patch? The security behaviour of
> ruby functions should be defined and documented much more precisely.
>
>
> IMHO the results of regexp matching (which includes all results like
> $1,$2,..., $' $´ and the boolean value) should be tainted if and only
> if either the input string or the pattern is tainted.
>
> Is this the case?
>
>
> regards
> Hadmut
>
>
>
>
>
>


-- 
なかだです。

-- 
--- 僕の前にBugはない。
--- 僕の後ろにBugはできる。
    中田 伸悦