Hi,

Sorry for mispost by misclick.

At Tue, 17 Oct 2006 16:18:39 +0900,
Hadmut Danisch wrote in [ruby-core:09211]:
> What exactly is the result of this patch? The security behaviour of
> ruby functions should be defined and documented much more precisely.

To make underlying shared string untainted, but the patch was wrong.

> IMHO the results of regexp matching (which includes all results like
> $1,$2,..., $' $? and the boolean value) should be tainted if and only
> if either the input string or the pattern is tainted.
>
> Is this the case?

It actually isn't related to regexp.  This code also shows the issue.

  (u = "abcdefghijklmn".taint[1..-1].untaint)
  p [u.tainted?, u[1..-1].tainted?]

-- 
Nobu Nakada