ruby-changes:10925
From: yugui <ko1@a...>
Date: Sun, 22 Feb 2009 13:30:35 +0900 (JST)
Subject: [ruby-changes:10925] Ruby:r22500 (ruby_1_9_1): merges r21917, r21955 and r21974 from trunk into ruby_1_9_1.
yugui 2009-02-22 13:30:22 +0900 (Sun, 22 Feb 2009) New Revision: 22500 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=22500 Log: merges r21917, r21955 and r21974 from trunk into ruby_1_9_1. * load.c (rb_require_safe): raises when the path to be loaded is tainted. [ruby-dev:37843] --- * file.c (rb_find_file_ext): should not be infected from other load paths. --- * adds a test case for r21955 and r21917. Modified files: branches/ruby_1_9_1/ChangeLog branches/ruby_1_9_1/file.c branches/ruby_1_9_1/load.c branches/ruby_1_9_1/test/ruby/test_require.rb Index: ruby_1_9_1/ChangeLog =================================================================== --- ruby_1_9_1/ChangeLog (revision 22499) +++ ruby_1_9_1/ChangeLog (revision 22500) @@ -1,3 +1,13 @@ +Mon Feb 2 17:05:55 2009 Nobuyoshi Nakada <nobu@r...> + + * file.c (rb_find_file_ext): should not be infected from other + load paths. + +Sat Jan 31 19:09:30 2009 Nobuyoshi Nakada <nobu@r...> + + * load.c (rb_require_safe): raises when the path to be loaded is + tainted. [ruby-dev:37843] + Mon Feb 2 08:12:50 2009 Nobuyoshi Nakada <nobu@r...> * lib/xmlrpc/server.rb (Server#serve): gets rid of hardcoded Index: ruby_1_9_1/load.c =================================================================== --- ruby_1_9_1/load.c (revision 22499) +++ ruby_1_9_1/load.c (revision 22500) @@ -554,13 +554,17 @@ rb_set_safe_level_force(safe); FilePathValue(fname); RB_GC_GUARD(fname) = rb_str_new4(fname); + rb_set_safe_level_force(0); found = search_required(fname, &path); if (found) { if (!path || !(ftptr = load_lock(RSTRING_PTR(path)))) { result = Qfalse; } else { - rb_set_safe_level_force(0); + if (safe > 0 && OBJ_TAINTED(path)) { + rb_raise(rb_eSecurityError, "cannot load from insecure path - %s", + RSTRING_PTR(path)); + } switch (found) { case 'r': rb_load(path, 0); Index: ruby_1_9_1/test/ruby/test_require.rb =================================================================== --- ruby_1_9_1/test/ruby/test_require.rb (revision 22499) +++ ruby_1_9_1/test/ruby/test_require.rb (revision 22500) @@ -195,4 +195,50 @@ assert_raise(ArgumentError) { at_exit } end + + def test_tainted_loadpath + t = Tempfile.new(["test_ruby_test_require", ".rb"]) + abs_dir, file = File.dirname(t.path), File.basename(t.path) + abs_dir = File.expand_path(abs_dir).untaint + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir + require "#{ file }" + p :ok + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir.taint + require "#{ file }" + p :ok + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir.taint + $SAFE = 1 + begin + require "#{ file }" + rescue SecurityError + p :ok + end + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir.taint + $SAFE = 1 + require "#{ t.path }" + p :ok + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir << 'elsewhere'.taint + require "#{ file }" + p :ok + INPUT + end end Index: ruby_1_9_1/file.c =================================================================== --- ruby_1_9_1/file.c (revision 22499) +++ ruby_1_9_1/file.c (revision 22500) @@ -4551,6 +4551,7 @@ *filep = tmp; return j+1; } + FL_UNSET(tmp, FL_TAINT | FL_UNTRUSTED); } rb_str_set_len(fname, fnlen); } -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/