[#5711] Lexic confusion: method/local variable distinction works strange — noreply@...
Bugs item #2371, was opened at 2005-09-04 00:40
Hi,
Mine is 1.8.2 and it does raise syntax error.
[#5732] Re: Ruby development issue tracking will go to basecamp — ville.mattila@...
[#5737] returning strings from methods/instance_methods — TRANS <transfire@...>
I was just wondering why with #methods and #instance_methods, it was
Hi,
On 9/8/05, Yukihiro Matsumoto <matz@ruby-lang.org> wrote:
Yukihiro Matsumoto <matz@ruby-lang.org> writes:
On Fri, 9 Sep 2005, Christian Neukirchen wrote:
[#5750] File.split edge cases — "Berger, Daniel" <Daniel.Berger@...>
Hi all,
Hi,
nobuyoshi nakada wrote:
Hi,
Yukihiro Matsumoto wrote:
Hi,
Yukihiro Matsumoto wrote:
[#5781] array sharing — Eric Mahurin <eric_mahurin@...>
This is my first time poking around in the ruby source code, so
[#5786] Difference between class declarations — Peter Vanbroekhoven <calamitas@...>
Hi,
Hi,
On 9/15/05, nobu.nokada@softhome.net <nobu.nokada@softhome.net> wrote:
[#5796] proposed attr writer patch — Daniel Berger <Daniel.Berger@...>
Hi all,
Hi,
Daniel Berger wrote:
James Britt <ruby@jamesbritt.com> writes:
On Sun, 18 Sep 2005, Christian Neukirchen wrote:
[#5798] Makefile error in OpenSLL extension (on Windows) — noreply@...
Bugs item #2472, was opened at 2005-09-16 18:56
Hi,
This is the just released 1.8.3 preview2.
Hi,
No, win32/Makefile.sub doe not contain those two lines.
Hi,
On 9/18/05, nobu.nokada@softhome.net <nobu.nokada@softhome.net> wrote:
Hi,
On 9/18/05, nobu.nokada@softhome.net <nobu.nokada@softhome.net> wrote:
[#5844] Ruby 1.8.3 released — Yukihiro Matsumoto <matz@...>
Hello Rubyists,
[#5848] Re: RubyGems in Ruby HEAD — Hugh Sasse <hgs@...>
On Wed, 21 Sep 2005, Chad Fowler wrote:
[#5851] Re: RubyGems in Ruby HEAD — Paul van Tilburg <paul@...>
Hi all,
I don't know if I can post to all those lists, but I'll leave them
Paul van Tilburg wrote:
Marc Dequ竪nes (Duck) wrote:
On 9/22/05, mathew <meta@pobox.com> wrote:
On 9/23/05, Pascal Terjan <pterjan@gmail.com> wrote:
On 9/23/05, Austin Ziegler <halostatue@gmail.com> wrote:
[#5882] Re: RubyGems TODO — Austin Ziegler <halostatue@...>
Okay. I said in the main thread on ruby-core that I'm putting together a
On 9/22/05, Austin Ziegler <halostatue@gmail.com> wrote:
[#5888] Re: RubyGems TODO — Mauricio Fern疣dez <mfp@...>
On Thu, Sep 22, 2005 at 11:46:18AM +0900, Chad Fowler wrote:
[#5898] Delegate and Forwardable Documentation — James Edward Gray II <james@...>
I've tried to send these files through a couple of times now with
On Sep 22, 2005, at 9:02 AM, James Edward Gray II wrote:
On Sep 22, 2005, at 11:53 AM, James Edward Gray II wrote:
Hi,
On Sep 23, 2005, at 10:54 AM, Yukihiro Matsumoto wrote:
Hi,
On Sep 23, 2005, at 12:31 PM, Yukihiro Matsumoto wrote:
Hi,
[#5901] Re: RubyGems TODO — "Jim Weirich" <jim@...>
>> On 21-Sep-05, at 7:17 PM, why the lucky stiff wrote:
[#5902] Vulnerability fixed in 1.8.3 — Yukihiro Matsumoto <matz@...>
Hi,
See below for a few grammar edits. As a separate issue, I would like
>>>>> "D" == Dominique Brezinski <dominique.brezinski@gmail.com> writes:
Yes, I can read it. You know, there are these things called
On 22 Sep 2005, at 09:36, Dominique Brezinski wrote:
On 9/22/05, Eric Hodel <drbrain@segment7.net> wrote:
[#5921] Mutually dependent libs double loading. — TRANS <transfire@...>
I'm on Ruby 1.8.2.
TRANS wrote:
On 9/22/05, Florian Gro<florgro@gmail.com> wrote:
I'm very suprised I have not gotten an official answer about this. Is
On Sat, 24 Sep 2005, TRANS wrote:
[#5966] $SAFE=4 is still dangerous to use as a sandbox — URABE Shyouhei <s-urabe@...>
This issue has been discussed at security@ruby-lang.org, but matz told
[#5975] segmentation fault on require 'yaml' — Ralph Amissah <ralph.amissah@...>
Status: Open
[#5985] Finally an answer to my RubyGems question and some small suggestions — TRANS <transfire@...>
I appreciate those that attempted to offer me some info on this issue.
On 9/25/05, TRANS <transfire@gmail.com> wrote:
On 9/26/05, Austin Ziegler <halostatue@gmail.com> wrote:
On 9/26/05, TRANS <transfire@gmail.com> wrote:
On 9/26/05, Austin Ziegler <halostatue@gmail.com> wrote:
On 9/26/05, TRANS <transfire@gmail.com> wrote:
On 9/26/05, Austin Ziegler <halostatue@gmail.com> wrote:
[#6001] Require Namepaces and RubyGems' effect on LoadPath problem — TRANS <transfire@...>
I've added namespaces to require. Works like this:
On 9/26/05, TRANS <transfire@gmail.com> wrote:
On 9/26/05, Austin Ziegler <halostatue@gmail.com> wrote:
On 9/26/05, TRANS <transfire@gmail.com> wrote:
On 9/26/05, Austin Ziegler <halostatue@gmail.com> wrote:
TRANS wrote:
Sorry for the delay. I was working hard on an improved implementation.
On 9/29/05, TRANS <transfire@gmail.com> wrote:
On 9/29/05, Austin Ziegler <halostatue@gmail.com> wrote:
On 9/29/05, TRANS <transfire@gmail.com> wrote:
On 9/29/05, Austin Ziegler <halostatue@gmail.com> wrote:
Quoting halostatue@gmail.com, on Tue, Sep 27, 2005 at 06:02:07AM +0900:
On 9/26/05, Sam Roberts <sroberts@uniserve.com> wrote:
Quoting halostatue@gmail.com, on Tue, Sep 27, 2005 at 10:29:17AM +0900:
On Sep 26, 2005, at 8:54 PM, Sam Roberts wrote:
Quoting james@grayproductions.net, on Tue, Sep 27, 2005 at 11:06:01AM +0900:
On 9/26/05, Sam Roberts <sroberts@uniserve.com> wrote:
Quoting halostatue@gmail.com, on Tue, Sep 27, 2005 at 11:49:14AM +0900:
On 9/27/05, Sam Roberts <sroberts@uniserve.com> wrote:
> Right now, they're watching people who have pretty much sat on the side
On 9/27/05, Ralph Amissah <ralph.amissah@gmail.com> wrote:
I'll greatly weaken my post, and give everyone the opportunity to head me
On Wed, 28 Sep 2005, Ralph Amissah wrote:
Hello,
On Wednesday 28 September 2005 07:35 pm, Mauricio Fern疣dez wrote:
On Thu, Sep 29, 2005 at 09:46:45AM +0900, Jim Weirich wrote:
On Sat, Oct 01, 2005 at 12:22:33AM +0900, Jim Weirich wrote:
Hi --
On 9/26/05, Sam Roberts <sroberts@uniserve.com> wrote:
On Monday 26 September 2005 22:41, Austin Ziegler wrote:
On Wed, 28 Sep 2005, Sean E. Russell wrote:
On Wednesday 28 September 2005 08:54, Hugh Sasse wrote:
On Mon, 10 Oct 2005, Sean E. Russell wrote:
Ok, in an attempt to reduce clutter, I'm responding to several people in one
On Monday 26 September 2005 21:29, Austin Ziegler wrote:
On Wed, 2005-09-28 at 20:56 +0900, Sean E. Russell wrote:
Tom Copeland wrote:
On Wednesday 28 September 2005 12:02, James Britt wrote:
On 9/28/05, Sean E. Russell <ser@germane-software.com> wrote:
On 9/28/05, Austin Ziegler <halostatue@gmail.com> wrote:
On 9/28/05, Dominique Brezinski <dominique.brezinski@gmail.com> wrote:
For what it is worth, I live life behind an authenticated proxy, so I
I have got gems to work from behind an authenticated proxy.
On 9/28/05, Jim Freeze <jim@freeze.org> wrote:
Ah, yes, but many proxies require credentials for each new HTTP
On Wednesday 28 September 2005 08:43, Austin Ziegler wrote:
On Fri, 30 Sep 2005, Sean E. Russell wrote:
On 9/30/05, David A. Black <dblack@wobblini.net> wrote:
[#6004] Problem with 1.8.3, extensions — Daniel Berger <Daniel.Berger@...>
Hi all,
[#6009] Re: ruby 1.8.3 (2005-09-21) [i486-linux] sisu segfault — Ralph Amissah <ralph.amissah@...>
(i) correction, segfault is with official ruby 1.8.3 (2005-09-21), not
[sorry for duplicate post]
>>>>> "R" == Ralph Amissah <ralph.amissah@gmail.com> writes:
On 9/27/05, ts <decoux@moulon.inra.fr> wrote:
>>>>> "R" == Ralph Amissah <ralph.amissah@gmail.com> writes:
>>>>> "t" == ts <decoux@moulon.inra.fr> writes:
In article <200509291419.j8TEJYid015419@moulon.inra.fr>,
>>>>> "T" == Tanaka Akira <akr@m17n.org> writes:
ruby 1.8.3 (2005-09-29)
the segfault has returned with the latest ruby build
>>>>> "R" == Ralph Amissah <ralph.amissah@gmail.com> writes:
[#6038] make warning from 1.8.3 — Daniel Berger <Daniel.Berger@...>
Solaris 10
[#6057] YAML loading of quoted Symbols broken in 1.8.3 — noreply@...
Bugs item #2535, was opened at 2005-09-28 11:50
At 01:58 +0900 29 Sep 2005, noreply@rubyforge.org wrote:
[#6076] Question about cgi.rb's read_multipart method and possible fix — "Zev Blut" <rubyzbibd@...>
Hello,
$SAFE=4 is still dangerous to use as a sandbox
This issue has been discussed at security@ruby-lang.org, but matz told
me it being appropiate to bring this into an open discussion, so I'm
writing this.
When you make a sandbox (for instance, you may want to execute a
user-generated unreliable code), some implementations can be taken. The
easiest way is to make a thread and let the safe level rise.
require 'timeout'
def sandbox(t) # :yields:
timeout(t) {
Thread.new {
$SAFE = 4
yield
}.join.value
}
rescue Exception
puts $!
abort
end
but this thread-and-safe-level menu is futile for some kind of DoS
attack, as I found this code:
sandbox(1) {
(l = lambda { Thread.new { l.call } while true }).call
}
can never exit with TimeoutError on some machine (at least mine).
My report for security@ruby-lang.org was that even you use forkedtimeout
(http://raa.ruby-lang.org/project/forkedtimeout/), there is a way to
escape from that child process and an evil process can live much longer
than we expected (even in $SAFE=4). I believe that bug will soon be
fixed so I won't tell any details, but the point is that $SAFE
protection is not sufficient to save us form some kind of attacks.
So the question is: how should we construct a sandbox that protect us
from evil codes? Or is it possible? Otherwise, what feature should be
added to (or removed form) the ruby? Once the bug I reported was fixed,
I think the safest way is that you use forkedtimeout along with
Process.setrlimit to restrict the consumption of resource, then raise
the safe level. Is this OK or have some trouble?
Thanks.