From: shugo@...
Date: 2014-03-03T09:59:37+00:00
Subject: [ruby-core:61251] [ruby-trunk - Bug #9588] program name variables tainted

Issue #9588 has been updated by Shugo Maeda.

Jan Rusnacko wrote:
> [jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
> $0: ./tainted.rb, tainted? false
> __FILE__: ./tainted.rb, tainted? true
> $PROGRAM_NAME: ./tainted.rb, tainted? false

I guess it's a regression introduced in r20656.
Or did you mean not to taint $0, Yugui?

----------------------------------------
Bug #9588: program name variables tainted
https://bugs.ruby-lang.org/issues/9588#change-45591

* Author: Jan Rusnacko
* Status: Open
* Priority: Normal
* Assignee:
* Category:
* Target version:
* ruby -v: 1.8.7, 1.9.3, 2.0.0
* Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
I have noticed an inconsistency in the taint flag of the program name:

[jrusnack@dhcp-31-42 ruby-safe]$ cat tainted.rb
#!/usr/bin/env ruby

puts "$0: #{$0}, tainted? #{$0.tainted?}"
puts "__FILE__: #{__FILE__}, tainted? #{__FILE__.tainted?}"
puts "$PROGRAM_NAME: #{$PROGRAM_NAME}, tainted? #{$PROGRAM_NAME.tainted?}"

[jrusnack@dhcp-31-42 ruby-safe]$ rvm use 1.8.7
Using /home/jrusnack/.rvm/gems/ruby-1.8.7-p374
[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0: ./tainted.rb, tainted? true
__FILE__: ./tainted.rb, tainted? false
$PROGRAM_NAME: ./tainted.rb, tainted? true

[jrusnack@dhcp-31-42 ruby-safe]$ rvm use 1.9.3
Using /home/jrusnack/.rvm/gems/ruby-1.9.3-p484
[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0: ./tainted.rb, tainted? false
__FILE__: ./tainted.rb, tainted? true
$PROGRAM_NAME: ./tainted.rb, tainted? false

[jrusnack@dhcp-31-42 ruby-safe]$ rvm use 2.0.0
Using /home/jrusnack/.rvm/gems/ruby-2.0.0-p353
[jrusnack@dhcp-31-42 ruby-safe]$ ./tainted.rb
$0: ./tainted.rb, tainted? false
__FILE__: ./tainted.rb, tainted? true
$PROGRAM_NAME: ./tainted.rb, tainted? false

-- 
http://bugs.ruby-lang.org/