>
>
> At Mon, 19 Aug 2002 03:34:53 +0900,
>  JamesBritt wrote:
> > $SAFE is at 1; trying to lower it raises an error.
> > The site runs ruby 1.6.7 (2002-07-11) [i386-freebsd4]
> >
> > How can I retrieve the last mod time of a file without raising security
> > errors?
> > untainintg the string variable holding the name of file doesn't
> help either.
>
> $ ruby-1.6 -e 's = "/etc/fstab".taint; $SAFE=1; p File.stat(s)'
> -e:1:in `stat': Insecure operation - stat (SecurityError)
>         from -e:1
> $ ruby-1.6 -e 's = "/etc/fstab".taint; $SAFE=1; s.untaint; p
> Fiile.stat(s)'
> #<File::Stat dev=5634, ino=32063, mode=33188, nlink=1, uid=0,
> gid=0, rdev=0, size=2285, blksize=4096, blocks=6,
> atime=Sun Aug 18 21:17:23 JST 2002,
> mtime=Sat Feb 09 22:57:27 JST 2002,
> ctime=Tue Feb 26 14:54:52 JST 2002>

Thanks.

I must confess, though, that I was wrong: untaint *does* solve the problem.
I had numerous places triggering the error, and wasn't watching the line
number change.


James

>
> --
> Nobu Nakada
>