[ruby-core:82021] Re: [Ruby trunk Bug#13737] "can't modify frozen String" when installing bundled gems

From: Eric Wong <normalperson@...>
Date: 2017-07-13 03:40:04 UTC
List: ruby-core #82021
ko1@atdot.net wrote:
> Sorry for the late response
> (because of my health problem and so on...)

No problem, I hope you feel better, soon.  Thank you for any
response you give :)

> I think we don't need to prepare a frozen string table for tainted strings because most people don't use tainted strings. We need to measure the counts of that before committing it. If there are many tainted strings, I need to change my mind...

Here is my measurement patch:

   https://80x24.org/spew/20170713025614.GB18169@starla/raw
   patch requires gcc for __attribute__((destructor))

It is frequent to have tainted strings when parsing YAML, HTTP
requests/responses from pure Ruby (webrick or net/http), and
email headers.

With "make install" and the measurement patch below, I get

	tainted hit: 102 new: 60 (total: 1280)

for the final line.

Testing HTTP with webrick via rackup and 1000 requests:

server command: rackup -s webrick -o 127.0.0.1 config.ru
client command: ab -c 1 -v 1 -n 1000 -k http://127.0.0.1:9292/

==> config.ru <==
run(lambda do |env|
  env.each_key do |k|
    warn "#{k.inspect} (#{k.tainted?})\n"
  end
  [ 200, {'Content-Length' => -'0'}, [] ]
end)
===

After server exit, I get:

	tainted hit: 3996 new: 4 (total: 8001)

This is because these existing literals for HTTP headers sent
by ab also appear in the Rack source code:

	"HTTP_HOST", "HTTP_USER_AGENT", "HTTP_ACCEPT"

(I'm not sure where "HTTP_CONNECTION" appears in the source,
 actually, but that's also tainted from the Connection: header)

> If we have a few tainted objects, such complexity is not worth it for us.

Understood.
