ruby-list

青木です。

今週分の ruby-dev summary 22012-22103 です。
何か意見感想ありましたらよろしくおねがいします。


[ruby-list:38619] dl and Win32 API call
[ruby-dev:22012] Re: [ruby-list:38619] dl and Win32 API call

  arton reported dl.so problem on win32 systems.
  On win32 systems, API callee pops arguments from machine stack.
  But dl.so (API caller) pops arguments on all platforms, it breaks
  the stack.

  Tietew posted a patch in [ruby-dev:21991], but Takaaki Tateishi,
  dl.so maintainer, wants more tests on more platforms.  If you
  interesting in dl.so, please try the patch.  Procedure is:

    1. Get ruby CVS HEAD.
    2. Apply a patch.
    3. $ make all
    4. $ cd ext/dl
    5. $ make test

[ruby-dev:22013] HTTP_PROXY

  TANAKA Akira introduced following web page:

    http://ftp.ics.uci.edu/pub/websoft/libwww-perl/archive/2001h1/0072.html

  This page describes the security hole about HTTP_PROXY.  HTTP server
  overwrite CGI programs' HTTP_* environment variables by request
  headers, HTTP_PROXY is overwritten by Proxy: HTTP header.
  So HTTP clients can overwrite HTTP_PROXY environment variable.
  If CGI programs use HTTP library and the library uses HTTP_PROXY,
  it causes security hole.

  Akira pointed out some standard libraries uses HTTP_PROXY without
  checking.  Related libraries are:

    * open-uri.rb   (maintainer: TANAKA Akira)
    * SOAP4R        (maintainer: NAKAMURA Hiroshi aka NaHi)
    * (net/http)    (maintainer: Minero Aoki)

  Akira (open-uri maintainer) decided to check if the library is
  used in CGI programs, by referring to REQUEST_METHOD environment
  variable.

  NaHi (SOAP4R maintainer) decided to see use_proxy environment
  variable.  If ENV['use_proxy'] is set, SOAP4R uses HTTP_PROXY.
  Otherwise it ignores environment variable.

  Finally, Minero Aoki (net/http maintainer) decided to keep current
  behavior... never rely on HTTP_PROXY environment variable. If you
  want to use proxy, set it explicitly.  open-uri is preferable for
  "handy" use.

  See each CVS HEAD source code and their rdocs for details.

[ruby-dev:22019] $stdout/$stderr must respond to IO methods?

  Currently You can set any object to $stdout/$stderr if only the
  object has #write method.  e.g.

    class StdoutLogging
      def write(str)
        File.open('/tmp/log', 'a') {|f| f.print str }
      end
    end
    $stdout = StdoutLogging.new

  Tietew pointed out that this protocol does not assure that
  following code works:

    $stderr.print 'warning: does not use this method'

  He suggested to make new module such as IO::Writable, which defines
  I/O methods using #write method.

[ruby-dev:22057] drb/drb.rb document

  Minero Aoki suggested that "require 'drb'" is better than
  "require 'drb/drb'".  SEKI Masatoshi, drb maintainer, replied
  that he choose "require 'drb/drb'".

[ruby-dev:22067] exit value as boolean

  nobu.nakada proposed new semantics of Kernel#exit.
  "exit true" means "exit(EXIT_SUCCESS)" in C,
  "exit false" means "exit(EXIT_FAILURE)".
  Matz agreed with him and incorporated a patch.

[ruby-dev:22071] Dir.glob and shift_jis

  H.Yamamoto posted a patch to allow Dir.glob searching files which
  name includes native language characters.  The latest patch is
  attached to [ruby-dev:22104].