Should taint information be propagated around?
Shouldn't it also be propagated through eval?

--
Simon Strandgaard

value = 222
code = "value * 3"
code.taint
p code.tainted?
result = eval code
p result.tainted?

server> ruby a.rb
true
false

value = "evil"
p value.tainted?
code = "value.upcase!"
code.taint
p code.tainted?
eval code
p value.tainted?

server> ruby a.rb
false
true
false