From: "charliesome (Charlie Somerville)" <charlie@...>
Date: 2013-01-31T11:15:48+09:00
Subject: [ruby-core:51770] [ruby-trunk - Bug #7759] Marshal.load is not documented to be dangerous


Issue #7759 has been updated by charliesome (Charlie Somerville).


> I've thought it's a common sense, isn't it?

You would imagine so, however I have seen a lot of code that does unmarshal untrusted data.

I will send an example to security@ruby-lang.org. Please note that I do not consider this a vulnerability in Ruby. Marshal is dangerous by design. This is an education problem - we need to document the fact that it is dangerous.
----------------------------------------
Bug #7759: Marshal.load is not documented to be dangerous
https://bugs.ruby-lang.org/issues/7759#change-35737

Author: charliesome (Charlie Somerville)
Status: Open
Priority: Normal
Assignee: 
Category: DOC
Target version: 2.0.0
ruby -v: ruby 2.0.0dev (2013-01-07 trunk 38733) [x86_64-darwin12.2.1]


=begin
Marshal.load is incredibly powerful, and also incredibly dangerous.

Unfortunately, many developers use it inappropriately and unmarshal user input. This can lead to a wide range of vulnerabilities, including remote code execution.

Marshal.load should be documented as dangerous and the documentation should also mention that it should only be used on trusted data.
=end


-- 
http://bugs.ruby-lang.org/