[#84280] [Ruby trunk Bug#14181] hangs or deadlocks from waitpid, threads, and trapping SIGCHLD — nobu@...
Issue #14181 has been updated by nobu (Nobuyoshi Nakada).
3 messages
2017/12/15
[#84398] [Ruby trunk Bug#14220] WEBrick changes - failures on MSWIN, MinGW — Greg.mpls@...
Issue #14220 has been reported by MSP-Greg (Greg L).
3 messages
2017/12/22
[#84472] Re: [ruby-dev:50394] [Ruby trunk Bug#14240] warn four special variables: $; $, $/ $\ — Eric Wong <normalperson@...>
Shouldn't English posts be on ruby-core instead of ruby-dev?
3 messages
2017/12/26
[ruby-core:84531] [Ruby trunk Feature#14225] untaint hash key strings
From:
eregontp@...
Date:
2017-12-27 23:16:50 UTC
List:
ruby-core #84531
Issue #14225 has been updated by Eregon (Benoit Daloze). I think we should remove tainting as a whole along with $SAFE. Untainting automatically seems bad practice and counter-intuitive. ---------------------------------------- Feature #14225: untaint hash key strings https://bugs.ruby-lang.org/issues/14225#change-69059 * Author: normalperson (Eric Wong) * Status: Open * Priority: Normal * Assignee: * Target version: ---------------------------------------- Since we are working on deprecating and removing $SAFE for [Feature #5455], I propose untainting all string keys used for hashes in Ruby 2.6. It will make implementing [Feature #13725] (fstring dedupe of hash keys) easier. Furthermore, Perl (which I assume is the influence for tainting in Ruby) does not taint hash keys. In fact, perlsec(1) manpage states: "Hash keys are never tainted" cf. http://perldoc.perl.org/perlsec.html -- https://bugs.ruby-lang.org/ Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>