ts <decoux / moulon.inra.fr> wrote:

>  Try with
> 
>   puts file.tainted?
>   puts "/Users/yt/man/eruby.html".tainted?
> 
> > /Users/yt/Sites/ruby/man-receive.rbx:54:in `exist?': Insecure operation
> > - exist? (SecurityError)
> 
>  man-receive.rbx runs with '$SAFE = 1', and it's a security error to use
>  FileTest#exist? with a tainted object at this level
> 
> vgs% ruby -e 'name ="./ruby".taint; p FileTest.exist?(name)'
> true
> vgs%
>  
> vgs% ruby -e '$SAFE = 1; name ="./ruby".taint; p FileTest.exist?(name)'
> -e:1:in `exist?': Insecure operation - exist? (SecurityError)
>   from -e:1
> vgs% 

OK, thanks!
-- 
Une Bue