On Thu, 30 Oct 2003 09:43:18 +0900
In article <20031030094217.EBDD.USA / osb.att.ne.jp>
[Re: [BUG] system() isn't safe on win32]
"U.Nakamura" <usa / osb.att.ne.jp> wrote:

> | |This ruby one-liner
> | |
> | |   ruby -ve "$SAFE = 5; system 'echo Was able to run an arbitrary command
> | |   in safe mode.'"
> | |
> | |produces this scary result:
> | |
> | |   ruby 1.8.0 (2003-08-04) [i386-mswin32]
> | |   Was able to run an arbitrary command in safe mode.
> | |
> | |IMHO this effectively disables all the security which $SAFE ought to 
> | |give you and should be fixed in the ruby interpreter.
> | 
> | It shouldn't happen.  Does anyone confirm this?
> 
> It's bug of mswin32 (and mingw32, bccwin32). Sorry.
> I've fixed it on CVS.

これだと human68k と DJGPP で直ってないかと。

Index: process.c
===================================================================
RCS file: /src/ruby/process.c,v
retrieving revision 1.88
diff -p -u -2 -r1.88 process.c
--- process.c   30 Oct 2003 00:34:30 -0000      1.88
+++ process.c   30 Oct 2003 08:12:06 -0000
@@ -976,6 +976,6 @@ rb_f_system(argc, argv)

     if (argc == 1 && prog == 0) {
-#if defined(_WIN32)
        SafeStringValue(argv[0]);
+#if defined(_WIN32)
        status = do_spawn(P_WAIT, RSTRING(argv[0])->ptr);
 #else



--[ Tietew ]-------------------------------------------------------
Mail: tietew / tietew.net / tietew / raug.net
Web : http://www.tietew.net/  (Tietew Windows Lab.)
PGP fingerprint: 26CB 71BB B595 09C4 0153  81C4 773C 963A D51B 8CAA