From: Marc-Andre Lafortune
Date: 2009-10-17T12:39:37+09:00
Subject: [ruby-core:26138] [Bug #2223] lib/delegate: security model?

Bug #2223: lib/delegate: security model?
http://redmine.ruby-lang.org/issues/show/2223

Author: Marc-Andre Lafortune
Status: Open, Priority: Normal
Category: lib
ruby -v: ruby 1.9.2dev (2009-10-17 trunk 25379) [x86_64-darwin10.0.0]

Take the following code:

    require 'delegate'
    cat = "cat"
    dog = SimpleDelegator.new("dog")
    cat.untrust
    dog.untrust
    lambda {$SAFE = 4; cat.upcase!}.call  # ==> "CAT"
    lambda {$SAFE = 4; dog.upcase!}.call  # ==> Security Error

Is that expected?

Maybe #trust, #untrust, #taint and #untaint should both call 'super' and forward the call to __getobj__?

I'm even less sure as to what to do with #tainted? and #untrusted? for mixed cases (i.e. when self and __getobj__ have different taintedness/trust). Disallow these cases? return "super || __getobj__.tainted?" ?

----------------------------------------
http://redmine.ruby-lang.org