ruby-dev

まつもと ゆきひろです

In message "Re: [ruby-dev:27260] Re: 脆弱性レポート翻訳者募集"
    on Wed, 21 Sep 2005 15:03:58 +0900, Yukihiro Matsumoto <matz@ruby-lang.org> writes:
|
||非互換性を問題としているのではありません。
||
||一般的にパッケージ・システムを保守している立場からは、インストールされ
||るファイルの構成が変わるよりは、ポイントとなるソース・ファイルの変更だ
||けで済むと、素早い対応が可能と言えます。
||
||1.8.3に限っては、リリース間際にいろいろと修正や問題のメールが多かった
||ので、ほんとにstableなのかという若干の不安を感じている面もあります。
|
|1.8.2よりはマシという悲しい現実が...。まあ、いいです。いろい
|ろと仕事に追われているのですが、近いうちにパッチを作ります。

というわけで、パッチです。一応目視で確認してますし、いくつか
のプログラムを動作させてみましたが、普段から使うものではない
ので完全だと胸を張れないところが弱いです。

---
--- eval.c.orig	2004-12-18 11:07:29.000000000 +0900
+++ eval.c	2005-09-21 16:53:31.127896405 +0900
@@ -254,2 +254,7 @@
 
+#define NOEX_TAINTED 8
+#define NOEX_SAFE(n) ((n) >> 4)
+#define NOEX_WITH(n, v) ((n) | (v) << 4)
+#define NOEX_WITH_SAFE(n) NOEX_WITH(n, ruby_safe_level)
+
 void
@@ -346,3 +351,3 @@
     rb_clear_cache_by_id(mid);
-    body = NEW_METHOD(node, noex);
+    body = NEW_METHOD(node, NOEX_WITH_SAFE(noex));
     st_insert(RCLASS(klass)->m_tbl, mid, (st_data_t)body);
@@ -5458,3 +5463,3 @@
 static VALUE
-rb_call0(klass, recv, id, oid, argc, argv, body, nosuper)
+rb_call0(klass, recv, id, oid, argc, argv, body, flags)
     VALUE klass, recv;
@@ -5465,3 +5470,3 @@
     NODE *body;			/* OK */
-    int nosuper;
+    int flags;
 {
@@ -5472,2 +5477,3 @@
     TMP_PROTECT;
+    volatile int safe = -1;
 
@@ -5493,3 +5499,3 @@
     ruby_frame->orig_func = oid;
-    ruby_frame->last_class = nosuper?0:klass;
+    ruby_frame->last_class = (flags & NOEX_UNDEF)?0:klass;
     ruby_frame->self = recv;
@@ -5555,3 +5561,2 @@
 	    PUSH_SCOPE();
-
 	    if (body->nd_rval) {
@@ -5574,5 +5579,12 @@
 
+	    if (NOEX_SAFE(flags) > ruby_safe_level) {
+		if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
+		    rb_raise(rb_eSecurityError, "calling insecure method: %s",
+			     rb_id2name(id));
+		}
+		safe = ruby_safe_level;
+		ruby_safe_level = NOEX_SAFE(flags);
+	    }
 	    PUSH_VARS();
 	    PUSH_TAG(PROT_FUNC);
-
 	    if ((state = EXEC_TAG()) == 0) {
@@ -5655,2 +5667,3 @@
 	    }
+	    if (safe >= 0) ruby_safe_level = safe;
 	    POP_TAG();
@@ -5742,3 +5755,3 @@
 
-    return rb_call0(klass, recv, mid, id, argc, argv, body, noex & NOEX_NOSUPER);
+    return rb_call0(klass, recv, mid, id, argc, argv, body, noex);
 }
@@ -8532,2 +8545,3 @@
     ID id, oid;
+    int safe_level;
     NODE *body;
@@ -8579,2 +8593,3 @@
     data->oid = oid;
+    data->safe_level = NOEX_WITH_SAFE(0);
     OBJ_INFECT(method, klass);
@@ -8663,2 +8678,3 @@
     data->oid = orig->oid;
+    data->safe_level = NOEX_WITH_SAFE(0);
     OBJ_INFECT(method, obj);
@@ -8784,4 +8800,3 @@
     struct METHOD *data;
-    int state;
-    volatile int safe = -1;
+    int safe;
 
@@ -8791,15 +8806,11 @@
     }
-    PUSH_ITER(rb_block_given_p()?ITER_PRE:ITER_NOT);
-    PUSH_TAG(PROT_NONE);
     if (OBJ_TAINTED(method)) {
-	safe = ruby_safe_level;
-	if (ruby_safe_level < 4) ruby_safe_level = 4;
+        safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED;
     }
-    if ((state = EXEC_TAG()) == 0) {
-	result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body,0);
+    else {
+	safe = data->safe_level;
     }
-    POP_TAG();
+    PUSH_ITER(rb_block_given_p()?ITER_PRE:ITER_NOT);
+    result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body,safe);
     POP_ITER();
-    if (safe >= 0) ruby_safe_level = safe;
-    if (state) JUMP_TAG(state);
     return result;

Thread

Prev Next

In This Thread

Prev Next

[#26934] safe level preserved in method — nobuyoshi nakada <nobuyoshi.nakada@...>

[#26935] __send__ in lib — nobuyoshi nakada <nobuyoshi.nakada@...>

[#26942] core dump with ripper — Tanaka Akira <akr@...17n.org>

[#26944] string.c中の文字検索 — Tadashi Saito <shiba@...2.accsnet.ne.jp>

[#26952] ripper problems. — Tanaka Akira <akr@...17n.org>

[#26954] Re: core dump with ripper — Yukihiro Matsumoto <matz@...>

[#26962] Re: about Ruby-GetText — Yukihiro Matsumoto <matz@...>

[#26963] sprintf does not warn in verbose mode. — sheepman <sheepman@...>

[#26964] ripper warnings — Tanaka Akira <akr@...17n.org>

[#26965] patch for RDoc about Module#class_variable_get — sheepman <sheepman@...>

[#26967] Tempfile.new("z").extend(M) — Tanaka Akira <akr@...17n.org>

[#26975] [proposal] ANSI style function — "H.Yamamoto" <ocean@...2.ccsnet.ne.jp>

[#26984] elimination of "extern int errno;" — Takahiro Kambe <taca@...>

[#27044] test errors and failures — nobuyoshi nakada <nobuyoshi.nakada@...>

[#27051] fail on test/rss — "H.Yamamoto" <ocean@...2.ccsnet.ne.jp>

[#27062] test/net/http/test_https_proxy.rb doesn't finish — Tanaka Akira <akr@...17n.org>

[#27077] select pipe support on native Win32 — "U.Nakamura" <usa@...>

[#27097] ruby-cvsのSubject — Kazuhiro NISHIYAMA <zn@...>

[#27102] Re: Welcome to our (ruby developers list) You are added automatically — MIYAMUKO Katsuyuki <miyamuko@...>

[#27105] Dir.glob delimiter — nobuyoshi nakada <nobuyoshi.nakada@...>

[#27111] compile error on hp-ux — MIYAMUKO Katsuyuki <miyamuko@...>

[#27122] flock and ^C — Tanaka Akira <akr@...17n.org>

[#27123] test/socket/test_tcp.rb blocks on NetBSD — Tanaka Akira <akr@...17n.org>

[#27127] can't convert Pathname into String — Tanaka Akira <akr@...17n.org>

[#27129] 1/2 under mathn — Tanaka Akira <akr@...17n.org>

[#27132] BasicSocket#send and ^C — Tanaka Akira <akr@...17n.org>

[#27133] core dump with win32ole — Masaki Suketa <masaki.suketa@...>

[#27134] syswrite and ^C — Tanaka Akira <akr@...17n.org>

[#27136] prohibit calling tainted method — sheepman <sheepman@...>

[#27139] ruby-1.8.3 status for release — Masayoshi Takahashi <maki@...>

[#27140] [PATCH] File#chown(nil, nil) — Minero Aoki <aamine@...>

[#27141] Interix3 (SFU)サポート — Takahiro Kambe <taca@...>

[#27145] test_fileutils fail — sheepman <sheepman@...>

[#27150] test_readline.rb blocks on NetBSD. — Tanaka Akira <akr@...17n.org>

[#27152] File.expand_path(Pathname.new("a")) — Tanaka Akira <akr@...17n.org>

[#27156] close error smashes an exception in a block — Tanaka Akira <akr@...17n.org>

[#27185] PIPE_BUF is not defined — "H.Yamamoto" <ocean@...2.ccsnet.ne.jp>

[#27202] test_dbm and test_gdbm on FC4 — "NAKAMURA, Hiroshi" <nakahiro@...>

[#27226] world writable dir with sticky bit — sheepman <sheepman@...>

[#27233] yaml warnig in verbose mode — sheepman <sheepman@...>

[#27242] Ruby 1.8.3 released — Yukihiro Matsumoto <matz@...>

[#27248] glob from command line still broken in djgpp? — "H.Yamamoto" <ocean@...2.ccsnet.ne.jp>

[#27251] 脆弱性レポート翻訳者募集 — Yukihiro Matsumoto <matz@...>

[#27262] [rails:373] Ruby-1.8.3正式版に変えたらエラー — take_tk <ggb03124@...>

[#27270] ext/tk/sample/demos-en/tcolor.bak — Kazuhiro NISHIYAMA <zn@...>

[#27275] release schedule plan for 1.8.4 — "NARUSE, Yui" <naruse@...>

[#27281] env -i make; fails. — "URABE Shyouhei aka.mput" <root@...>

[#27297] warning of yaml/basenode.rb — 雪見酒 <yukimi_sake@...>

[#27302] warning: 'cdecl' attribute directive ignored — Kazuhiro NISHIYAMA <zn@...>

[#27310] RSSが見えない — Kazuhiro NISHIYAMA <zn@...>

[#27312] many net/http related test failures (Re: [ruby-cvs:15621] ruby, ruby/test/net/http: * test/net/http/test_http.rb: new file.) — Tanaka Akira <akr@...17n.org>

[#27314] test/ripper error (directory cannot be opened on windows) — "H.Yamamoto" <ocean@...2.ccsnet.ne.jp>

[#27316] OptionParser doesn't raise when given h — sheepman <sheepman@...>

[#27317] sizeof(FILE) — Tanaka Akira <akr@...17n.org>

[#27318] Re: [ruby-cvs:15644] ruby, ruby/lib: * lib/optparse.rb (RequiredArgument#parse): not consume unmatched — "U.Nakamura" <usa@...>

[#27321] RubyGemsとOS platformとの関係 — Daigo Moriwaki <techml@...>

[#27324] ext/digest on DrafonFly — Takahiro Kambe <taca@...>

[#27331] possible SEGV in rb_autoload_load? — "H.Yamamoto" <ocean@...2.ccsnet.ne.jp>

[#27334] File#read にゴミがつく — Yusuke ENDOH <mame@...>

[#27335] tcl 8.0 の環境で tcltklib がコンパイルできない — ENDOH Yusuke <mame@...>

[ruby-dev:27267] Re: 脆弱性レポート翻訳者募集

Thread

In This Thread

[#26935] send in lib — nobuyoshi nakada <nobuyoshi.nakada@...>