[#48729] [ANN] ruby 2.0.0-preview1 released — Yusuke Endoh <mame@...>
Japanese later; 日本語はあとで
10 messages
2012/11/02
[#48977] Re: [ANN] ruby 2.0.0-preview1 released
— V咜 Ondruch <v.ondruch@...>
2012/11/06
Hi,
[#48979] Re: [ANN] ruby 2.0.0-preview1 released
— Yusuke Endoh <mame@...>
2012/11/06
Hello Vit,
[#48982] Re: [ANN] ruby 2.0.0-preview1 released
— V咜 Ondruch <v.ondruch@...>
2012/11/06
2012/11/6 Yusuke Endoh <mame@tsg.ne.jp>
[#48745] [ruby-trunk - Bug #7267][Open] Dir.glob on Mac OS X returns unexpected string encodings for unicode file names — "kennygrant (Kenny Grant)" <kennygrant@...>
17 messages
2012/11/02
[#48773] [ruby-trunk - Bug #7269][Open] Refinement doesn't work if using locate after method — "ko1 (Koichi Sasada)" <redmine@...>
12 messages
2012/11/03
[#48806] [ruby-trunk - Bug #7269] Refinement doesn't work if using locate after method
— "headius (Charles Nutter)" <headius@...>
2012/11/03
[#48808] Re: [ruby-trunk - Bug #7269] Refinement doesn't work if using locate after method
— SASADA Koichi <ko1@...>
2012/11/03
(2012/11/03 10:11), headius (Charles Nutter) wrote:
[#48810] Re: [ruby-trunk - Bug #7269] Refinement doesn't work if using locate after method
— SASADA Koichi <ko1@...>
2012/11/03
(2012/11/03 10:36), SASADA Koichi wrote:
[#48774] [ruby-trunk - Feature #4085] Refinements and nested methods — "shugo (Shugo Maeda)" <redmine@...>
3 messages
2012/11/03
[#48819] [ruby-trunk - Feature #4085] Refinements and nested methods — "headius (Charles Nutter)" <headius@...>
5 messages
2012/11/03
[#48820] [ruby-trunk - Bug #7271][Assigned] Refinement doesn't seem lexical — "ko1 (Koichi Sasada)" <redmine@...>
5 messages
2012/11/03
[#48847] [ruby-trunk - Bug #7274][Open] UnboundMethods should be bindable to any object that is_a?(owner of the UnboundMethod) — "rits (First Last)" <redmine@...>
21 messages
2012/11/04
[#48882] [ruby-trunk - Feature #4085] Refinements and nested methods — "headius (Charles Nutter)" <headius@...>
3 messages
2012/11/05
[#48964] [Backport93 - Backport #7285][Assigned] some failures on RubyInstaller CI — "usa (Usaku NAKAMURA)" <usa@...>
5 messages
2012/11/06
[#48988] [ruby-trunk - Feature #7292][Open] Enumerable#to_h — "marcandre (Marc-Andre Lafortune)" <ruby-core@...>
40 messages
2012/11/06
[#48997] [ruby-trunk - Feature #7297][Open] map_to alias for each_with_object — "nathan.f77 (Nathan Broadbent)" <nathan.f77@...>
19 messages
2012/11/06
[#49018] [ruby-trunk - Feature #7299][Open] Ruby should not completely ignore blocks. — "marcandre (Marc-Andre Lafortune)" <ruby-core@...>
13 messages
2012/11/07
[#49068] [ruby-trunk - Feature #7299] Ruby should not completely ignore blocks.
— "matz (Yukihiro Matsumoto)" <matz@...>
2012/11/07
[#49078] Re: [ruby-cvs:44714] marcandre:r37544 (ruby_1_9_3): merge revisions r33453, r37542: — "U.Nakamura" <usa@...>
Hello,
4 messages
2012/11/08
[#49119] ID_ALLOCATOR ? — Roger Pack <rogerdpack2@...>
Hello.
10 messages
2012/11/08
[#49173] Re: ID_ALLOCATOR ?
— SASADA Koichi <ko1@...>
2012/11/09
Can I see ruby-prof code?
[#49174] Re: ID_ALLOCATOR ?
— Roger Pack <rogerdpack2@...>
2012/11/09
On Fri, Nov 9, 2012 at 11:14 AM, SASADA Koichi <ko1@atdot.net> wrote:
[#49196] [ruby-trunk - Feature #7322][Open] Add a new operator name #>< for bit-wise "exclusive or" — "alexeymuranov (Alexey Muranov)" <redmine@...>
18 messages
2012/11/10
[#49211] [ruby-trunk - Feature #7328][Open] Move ** operator precedence under unary + and - — "boris_stitnicky (Boris Stitnicky)" <boris@...>
20 messages
2012/11/11
[#49256] [ruby-trunk - Feature #7336][Open] Flexiable OPerator Precedence — "trans (Thomas Sawyer)" <transfire@...>
18 messages
2012/11/12
[#49267] [ruby-trunk - Feature #7340][Open] 'each_with' or 'into' alias for 'each_with_object' — "nathan.f77 (Nathan Broadbent)" <nathan.f77@...>
8 messages
2012/11/12
[#49268] [ruby-trunk - Feature #7341][Open] Enumerable#associate — "nathan.f77 (Nathan Broadbent)" <nathan.f77@...>
8 messages
2012/11/12
[#49282] Re: [ruby-cvs:44801] tenderlove:r37631 (trunk): * probes.d: add DTrace probe declarations. — "U.Nakamura" <usa@...>
Hello,
5 messages
2012/11/13
[#49284] Re: [ruby-cvs:44801] tenderlove:r37631 (trunk): * probes.d: add DTrace probe declarations.
— "U.Nakamura" <usa@...>
2012/11/13
Hello,
[#49292] Re: [ruby-cvs:44801] tenderlove:r37631 (trunk): * probes.d: add DTrace probe declarations.
— "NARUSE, Yui" <naruse@...>
2012/11/13
2012/11/13 U.Nakamura <usa@garbagecollect.jp>:
[#49298] [ruby-trunk - Feature #7346][Open] object(...) as syntax sugar for object.call(...) — "rosenfeld (Rodrigo Rosenfeld Rosas)" <rr.rosas@...>
7 messages
2012/11/13
[#49320] [ruby-trunk - Feature #4085] Refinements and nested methods — "headius (Charles Nutter)" <headius@...>
3 messages
2012/11/13
[#49328] [ruby-trunk - Bug #7349][Open] Struct#inspect needs more meaningful output — "postmodern (Hal Brodigan)" <postmodern.mod3@...>
6 messages
2012/11/14
[#49340] bugs.ruby-lang.org - 500 error — Luis Lavena <luislavena@...>
Hello,
6 messages
2012/11/14
[#49341] Re: bugs.ruby-lang.org - 500 error
— Joshua Ballanco <jballanc@...>
2012/11/14
I've been unable to access it since morning EET (about 6 hours now).
[#49342] Re: bugs.ruby-lang.org - 500 error
— Zachary Scott <zachary@...>
2012/11/14
It's almost 3am in Japan now, don't forget.
[#49343] Re: bugs.ruby-lang.org - 500 error
— Luis Lavena <luislavena@...>
2012/11/14
On Wed, Nov 14, 2012 at 2:46 PM, Zachary Scott <zachary@zacharyscott.net> wrote:
[#49354] review open pull requests on github — Zachary Scott <zachary@...>
Could we get a review on any open pull requests on github before the
12 messages
2012/11/15
[#49355] Re: review open pull requests on github
— "NARUSE, Yui" <naruse@...>
2012/11/15
2012/11/15 Zachary Scott <zachary@zacharyscott.net>:
[#49356] Re: review open pull requests on github
— Zachary Scott <zachary@...>
2012/11/15
Ok, I was hoping one of the maintainers might want to.
[#49382] Re: review open pull requests on github
— Marc-Andre Lafortune <ruby-core-mailing-list@...>
2012/11/15
I could add my eyes to monitor the github issues/pull requests, if only to
[#49387] Re: review open pull requests on github
— Luis Lavena <luislavena@...>
2012/11/15
On Thu, Nov 15, 2012 at 2:11 PM, Marc-Andre Lafortune
[#49388] Re: review open pull requests on github
— Zachary Scott <zachary@...>
2012/11/15
On Thu, Nov 15, 2012 at 1:01 PM, Luis Lavena <luislavena@gmail.com> wrote:
[#49391] Re: review open pull requests on github
— Marc-Andre Lafortune <ruby-core-mailing-list@...>
2012/11/15
On Thu, Nov 15, 2012 at 1:06 PM, Zachary Scott <zachary@zacharyscott.net>
[#49370] [ruby-trunk - Bug #7358][Open] Wrong fd redirection on fork — "felipec (Felipe Contreras)" <felipe.contreras@...>
6 messages
2012/11/15
[#49416] make check: missing psych — Ramkumar Ramachandra <artagnon@...>
Hi,
7 messages
2012/11/16
[#49418] Re: make check: missing psych
— Luis Lavena <luislavena@...>
2012/11/16
On Fri, Nov 16, 2012 at 9:58 AM, Ramkumar Ramachandra
[#49419] Re: make check: missing psych
— Ramkumar Ramachandra <artagnon@...>
2012/11/16
Luis Lavena wrote:
[#49463] [ruby-trunk - Feature #7375][Open] embedding libyaml in psych for Ruby 2.0 — "tenderlovemaking (Aaron Patterson)" <aaron@...>
21 messages
2012/11/16
[#49494] [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— "vo.x (Vit Ondruch)" <v.ondruch@...>
2012/11/17
[#49497] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— Aaron Patterson <tenderlove@...>
2012/11/17
On Sun, Nov 18, 2012 at 03:05:50AM +0900, vo.x (Vit Ondruch) wrote:
[#49499] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— V咜 Ondruch <v.ondruch@...>
2012/11/17
Dne 17.11.2012 21:19, Aaron Patterson napsal(a):
[#49500] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— Benoit Daloze <eregontp@...>
2012/11/17
On 17 November 2012 21:34, V咜 Ondruch <v.ondruch@gmail.com> wrote:
[#49524] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— Yusuke Endoh <mame@...>
2012/11/18
Hello,
[#49468] [ruby-trunk - Feature #7378][Open] Adding Pathname#write — "aef (Alexander E. Fischer)" <aef@...>
6 messages
2012/11/17
[#49479] [ruby-trunk - Bug #7379][Open] Unexpected result of Kernel#gets on Windows 8 — "phasis68 (Heesob Park)" <phasis@...>
6 messages
2012/11/17
[#49518] [ruby-trunk - Bug #7383][Open] Use stricter cache check in load.c — "funny_falcon (Yura Sokolov)" <funny.falcon@...>
4 messages
2012/11/18
[#49536] [ruby-trunk - Feature #7388][Open] Object#embed — "zzak (Zachary Scott)" <zachary@...>
7 messages
2012/11/18
[#49543] [ruby-trunk - Feature #7390][Open] Funny Falcon Threads — "zzak (Zachary Scott)" <zachary@...>
4 messages
2012/11/18
[#49558] [ruby-trunk - Bug #7395][Open] Negative numbers can't be primes by definition — "zzak (Zachary Scott)" <zachary@...>
10 messages
2012/11/19
[#49868] How to stop spam from ruby-core — Heesob Park <phasis@...>
Hi,
5 messages
2012/11/22
[#49949] [ruby-trunk - Feature #7426][Assigned] Update Rdoc — "mame (Yusuke Endoh)" <mame@...>
10 messages
2012/11/24
[#50198] [ruby-trunk - Feature #7426] Update Rdoc
— "drbrain (Eric Hodel)" <drbrain@...7.net>
2012/11/27
[#50202] Re: [ruby-trunk - Feature #7426] Update Rdoc
— SASADA Koichi <ko1@...>
2012/11/27
(2012/11/27 13:33), drbrain (Eric Hodel) wrote:
[#50203] Re: [ruby-trunk - Feature #7426] Update Rdoc
— Luis Lavena <luislavena@...>
2012/11/27
On Tue, Nov 27, 2012 at 12:57 AM, SASADA Koichi <ko1@atdot.net> wrote:
[#50204] Re: [ruby-trunk - Feature #7426] Update Rdoc
— Eric Hodel <drbrain@...7.net>
2012/11/27
On Nov 26, 2012, at 10:09 PM, Luis Lavena <luislavena@gmail.com> wrote:
[#50092] [ruby-trunk - Feature #7434][Open] Allow caller_locations and backtrace_locations to receive negative params — "sam.saffron (Sam Saffron)" <sam.saffron@...>
21 messages
2012/11/25
[#50264] [ruby-trunk - Feature #7457][Open] GC.stat to return "allocated object count" and "freed object count" — "ko1 (Koichi Sasada)" <redmine@...>
5 messages
2012/11/28
[#50306] Towards a better process for changing Ruby — Magnus Holm <judofyr@...>
Hey folks,
11 messages
2012/11/29
[#50317] Re: Towards a better process for changing Ruby
— Yorick Peterse <yorickpeterse@...>
2012/11/29
What I'd like to see is primarily better communication and release
[#50320] Re: Towards a better process for changing Ruby
— Yusuke Endoh <mame@...>
2012/11/29
Hello Magnus,
[#50750] Re: Towards a better process for changing Ruby
— Magnus Holm <judofyr@...>
2012/12/11
Endoh-san,
[#50312] How to stop spam message from redmine.ruby-lang.org — Heesob Park <phasis@...>
HI,
7 messages
2012/11/29
[#50315] Re: How to stop spam message from redmine.ruby-lang.org
— "NARUSE, Yui" <naruse@...>
2012/11/29
Hi,
[#50372] [ruby-trunk - Bug #7476][Open] missing "IP_TRANSPARENT" constant for IP sockets. — "elico (Eliezer Croitoru)" <eliezer@...>
8 messages
2012/11/30
[#52809] [ruby-trunk - Feature #7476] missing "IP_TRANSPARENT" constant for IP sockets.
— "ko1 (Koichi Sasada)" <redmine@...>
2013/02/24
[#53889] Re: [ruby-trunk - Feature #7476] missing "IP_TRANSPARENT" constant for IP sockets.
— Tanaka Akira <akr@...>
2013/04/02
2013/2/24 ko1 (Koichi Sasada) <redmine@ruby-lang.org>:
[ruby-core:50064] [ruby-trunk - Bug #7325][Assigned] Marshal#load taints classes if they are referenced in a marsheled object
From:
"mame (Yusuke Endoh)" <mame@...>
Date:
2012-11-25 03:11:22 UTC
List:
ruby-core #50064
Issue #7325 has been updated by mame (Yusuke Endoh).
Status changed from Open to Assigned
Assignee set to shugo (Shugo Maeda)
Target version set to 2.0.0
Summarized:
p Integer.tainted? #=> false
Marshal.load(Marshal.dump(Integer).taint)
p Integer.tainted? #=> expected: false, actual: true
Indeed, it looks weird. Shugo-san, what do you think?
--
Yusuke Endoh <mame@tsg.ne.jp>
----------------------------------------
Bug #7325: Marshal#load taints classes if they are referenced in a marsheled object
https://bugs.ruby-lang.org/issues/7325#change-33844
Author: urielka (Uriel Katz)
Status: Assigned
Priority: Normal
Assignee: shugo (Shugo Maeda)
Category:
Target version: 2.0.0
ruby -v: ruby 1.9.3p327 (2012-11-10 revision 37606) [x86_64-linux]
=begin
= Reproducing steps:
ruby taint.rb
= Output of this script in my computer running 1.9.3-p327:
Before marshal is tainted?: false
After marshal is tainted?: true
Safe level when calling tainted method using call: 4
Safe level when calling tainted method directly: 0
= Expected:
MyObject#test shouldn't be tainted as it was defined in my own source and what was saved into the file is just a reference to MyObject class ("\u0004\bc\rMyObject")
= Actual:
MyObject#test is tainted and calling it using Method#call will make it run in safe-level 4.
= Some background on how I got to this issue:
I wrote some RPC code that accepts a class and method name and does the invocation,the way I call the method is getting the method from the instance using something like: "cls_instance.method(method_name).call"
I used Rails.cache with FileStore (which uses Marshal#load from file) to cache a object that had references to classes.
After reading from the cache all other requests saw the classes as tainted and when calling the methods they ran at $SAFE=4 which caused it to fail (even puts doesn't work at that level :)
This issue also made me understand that there is 2 potential bugs in Rails.
=end
--
http://bugs.ruby-lang.org/