From: djberg96@... Date: 2016-05-22T22:55:39+00:00 Subject: [ruby-core:75680] [Ruby trunk Bug#12410] Process.uid= validation and casting Issue #12410 has been updated by Daniel Berger. ruby -v set to ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin15] ---------------------------------------- Bug #12410: Process.uid= validation and casting https://bugs.ruby-lang.org/issues/12410#change-58811 * Author: Daniel Berger * Status: Open * Priority: Normal * Assignee: * ruby -v: ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin15] * Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN ---------------------------------------- OSX 10.11.4 Ruby 2.2.x and 2.3.x It seems that Ruby added the ability to use a string for Process.uid, which is nice. But, it has introduced inconsistency with regards to enforcement: > Process.uid = 'bogus' # ArgumentError: can't find user for bogus > Process.uid = 999999 # Does not raise an error, even though the uid is invalid Also, it seems there's some sort of casting bug for negative values: > Process.uid = -1 # -1 > Process.uid # 0 > Process.uid = -2 # -2 > Process.uid # 4294967294 While this is almost certainly an issue with the underlying C function (somewhat concerning), I think we should validate the values passed to `Process.uid=` (and similar methods) the same way we validate it for the string. Presumably a simple `getpwuid` check would work. -- https://bugs.ruby-lang.org/ Unsubscribe: