[jruby-dev] [jira] (JRUBY-6296) JRuby deserializes files that aren't dump()able

meder (JIRA) Wed, 21 Dec 2011 14:33:00 -0800

meder created JRUBY-6296:
----------------------------

             Summary: JRuby deserializes files that aren't dump()able 
                 Key: JRUBY-6296
                 URL: https://jira.codehaus.org/browse/JRUBY-6296
             Project: JRuby
          Issue Type: Bug
            Reporter: meder
            Assignee: Thomas E Enebo



JRuby lets you 'load' classes that otherwise aren't allowed to be marshaled:

irb(main):133:0> p = 
Marshal.load("\x04\bo:\tFile\001\001:\001\005@path\"\x10/etc/passwd")
=> #<File:null (closed)>
irb(main):134:0> p
=> #<File:null (closed)>
irb(main):135:0> p.class
=> File
irb(main):136:0> p.instance_variables
=> [:@path]
irb(main):137:0> Marshal.dump(p)
TypeError: can't dump File
       from org/jruby/RubyMarshal.java:101:in `dump'
       from (irb):137:in `evaluate'
       from org/jruby/RubyKernel.java:1093:in `eval'
       from org/jruby/RubyKernel.java:1420:in `loop'
       from org/jruby/RubyKernel.java:1206:in `catch'
       from org/jruby/RubyKernel.java:1206:in `catch'
       from 
/usr/local/kumys/rails-rails-d103161/../jruby_1.6/jruby/bin/jirb:13:in `(root)'

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

[jruby-dev] [jira] (JRUBY-6296) JRuby deserializes files that aren't dump()able

Reply via email to