#686: security escalation bug via pretty_print & Dir.entries
--------------------------------------+-------------------------------------
 Reporter:  ryand-r...@…              |       Owner:  lsansone...@…
     Type:  defect                    |      Status:  new
 Priority:  major                     |   Milestone:
Component:  MacRuby                   |    Keywords:  SAFE security taint
--------------------------------------+-------------------------------------
 I found a bug in macruby that doesn't repro under ruby 1.9.1:

 {{{
 require 'test/unit'
 require 'pp'

 class BuggyTest < Test::Unit::TestCase
   def test_reproduction
     directory = File.expand_path("~/Documents")
     Dir.entries(directory).pretty_inspect
     File.directory? File.join(directory, Dir.entries(directory).first)
   end
 end
 }}}

 test results:

 {{{
 502 % multiruby test_bug.rb

 VERSION = 1.8.6-p368
 CMD     = ~/.multiruby/install/1.8.6-p368/bin/ruby test_bug.rb

 Loaded suite test_bug
 Started
 .
 Finished in 0.007189 seconds.

 1 tests, 0 assertions, 0 failures, 0 errors

 RESULT = 0

 VERSION = 1.8.7-p174
 CMD     = ~/.multiruby/install/1.8.7-p174/bin/ruby test_bug.rb

 Loaded suite test_bug
 Started
 .
 Finished in 0.005301 seconds.

 1 tests, 0 assertions, 0 failures, 0 errors

 RESULT = 0

 VERSION = 1.9.1-p129
 CMD     = ~/.multiruby/install/1.9.1-p129/bin/ruby test_bug.rb

 Loaded suite test_bug
 Started
 .
 Finished in 0.002460 seconds.

 1 tests, 0 assertions, 0 failures, 0 errors, 0 skips

 RESULT = 0

 TOTAL RESULT = 0 failures out of 3

 Passed: 1.9.1-p129, 1.8.6-p368, 1.8.7-p174
 Failed:
 }}}

 versus:

 {{{
 502 % macruby test_bug.rb
 Loaded suite test_bug
 Started
 E
 Finished in 0.403522 seconds.

   1) Error:
 test_reproduction(BuggyTest):
 SecurityError: Insecure operation: -r
     /Users/ryan/Desktop/Cocoa/macrubytest/Tests/test_bug.rb:6:in `test_reproduction'

 1 tests, 0 assertions, 0 failures, 1 errors, 0 skips
 }}}

-- 
Ticket URL: <http://www.macruby.org/trac/ticket/686>
MacRuby <http://macruby.org/>