From: apollon+ruby@...
Date: 2015-06-16T15:00:18+00:00
Subject: [ruby-core:69610] [Ruby trunk - Bug #11269] [Open] ruby_init_setproctitle() should be called before require_libraries()

Issue #11269 has been reported by Apollon Oikonomopoulos.

----------------------------------------
Bug #11269: ruby_init_setproctitle() should be called before require_libraries()
https://bugs.ruby-lang.org/issues/11269

* Author: Apollon Oikonomopoulos
* Status: Open
* Priority: Low
* Assignee: 
* ruby -v: ruby 2.1.5p273
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
We have come across an issue where `setproctitle` fails to use the whole length of the process's initial environment. It turns out that this is because modules loaded using `-r` are processed before `ruby_init_setproctitle()`. This is easily reproducible using bundler, given the following test script under Linux:

~~~
File.open('/proc/self/cmdline') do |f|
  @argv_len = f.read.size
end

File.open('/proc/self/environ') do |f|
  @env_len = f.read.size
end

total = @argv_len + @env_len
$0 = 'a' * (total + 2) # should not overflow

File.open('/proc/self/environ') do |f|
  env = f.read
  puts env
  puts env.size
end
~~~

Calling the script directly, we see that setproctitle works correctly:

~~~
$ env -i A_VAR=some_value PATH=/bin:/usr/bin ruby test.rb 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
36
~~~

In this case setproctitle correctly overwrites the whole environment space available. However, if we require `bundler/setup` (which is what `bundle exec` essentially does), the following happens:

~~~
$ env -i A_VAR=some_value PATH=/bin:/usr/bin ruby -rbundler/setup test.rb
aaaaaaaaaaaaaaaPATH=/bin:/usr/bin
36
~~~

This is because `require 'bundler/setup'` is processed before `ruby_init_setproctitle()` is called and attempts to manipulate `PATH`. While doing so, the new `PATH` string is allocated on the heap and the original pointer in `environ` replaced, thus breaking `ruby_init_setproctitle()`'s expectation to find a contiguous environment block.

Perhaps `ruby_init_setproctitle()` can be called before `process_options()`, so that it can process the environment block before a library gets a chance of modifying it.



-- 
https://bugs.ruby-lang.org/