Hi all,

This is a summary of recent discussion on the ruby-dev mailing list.


[ruby-dev:24106] return value of Process.daemon

  Process.daemon is now implemented in the Ruby HEAD branch, but
  Tanaka Akira, who requested this method in [ruby-dev:24030],
  suggested that Process.daemon should return nil, not 0 as the
  current implementation does.

  Matz gave his opinion that methods corresponding to
  system calls or library functions should return
  their return values without any change.


[ruby-dev:24140] CGI::Session has security problem?

  Takahiro Kambe introduced Debian Security Advisory DSA 537-1
  (http://www.debian.org/security/).  The advisory is about a
  vulnerability caused by insecure file permissions.

  Matz answered that Ruby 1.8.2, 1.6.8 on CVS and HEAD are fixed,
  but he thought that any CGI script using CGI::Session should set
  umask, because without umask it cannot explicitly define the file
  permissions of new files created by fopen(3).


[ruby-dev:24143] problem in execution of external command in here document

  Tome reported a problem with external command execution in a here
  document on mswin32.

    #bad
    p <<`EOC`
    ls.exe
    EOC

    #good
    p `ls.exe`

  The problem occurs because the interpreter tries to execute
  "ls.exe\n" without chomping the "\n", and the Windows shell cannot
  handle it.

  U.Nakamura promised that he would add something to handle this
  problem.


[ruby-dev:24156] CGI::Session::FileStore should not use Dir::tmpdir

  Shugo Maeda pointed out a problem in CGI::Session::FileStore.
  The module used Dir::tmpdir as the default value of the 'tmpdir'
  parameter.  Suppose Dir::tmpdir is '/tmp': users who have permission
  to log in to the server can see the session files' names, so they
  can learn session ids without opening the session files.

  Shugo relayed an idea from IRC: increase the length of the
  session id and put the remainder into its file.
  Matz showed another solution: apply a one-way function once more
  to convert the session id into the filename.
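
  A sketch of the two mitigations discussed in [ruby-dev:24140] and [ruby-dev:24156], added to this summary as an example; it is not code from Ruby or from the thread. The module name, method names, filename prefix and the choice of SHA-256 as the one-way function are all assumptions.

```ruby
require 'digest/sha2'
require 'securerandom'
require 'tmpdir'

# Hypothetical module and method names, not CGI::Session::FileStore's own code.
module SessionFileSketch
  PREFIX = 'sess_' # assumed filename prefix

  # One-way mapping from session id to filename (SHA-256 is this example's
  # choice): a directory listing exposes only the digest, never the id.
  def self.path_for(dir, session_id)
    File.join(dir, PREFIX + Digest::SHA256.hexdigest(session_id))
  end

  # The explicit 0600 covers this open call. The strict umask also covers
  # files created without a mode argument, the fopen(3) case from the
  # thread, which get 0666 masked by the umask. EXCL refuses to reuse a
  # file that already exists under that name.
  def self.create(dir, session_id, data)
    path = path_for(dir, session_id)
    saved = File.umask(0077)
    begin
      File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0600) do |f|
        f.write(data)
      end
    ensure
      File.umask(saved) # restore the caller's umask
    end
    path
  end

  def self.load(dir, session_id)
    File.read(path_for(dir, session_id))
  end
end

if __FILE__ == $0
  Dir.mktmpdir do |dir|                 # constructed stand-in for the session directory
    sid = SecureRandom.hex(16)          # constructed session id
    path = SessionFileSketch.create(dir, sid, 'user=alice')
    printf("%s mode=%o\n", File.basename(path), File.stat(path).mode & 0777)
  end
end
```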


Regards,

TAKAHASHI 'Maki' Masayoshi     E-mail: maki / rubycolor.org