----- Original Message -----
> From: "Vít Ondruch" <vondr...@redhat.com>
> To: ruby-sig@lists.fedoraproject.org
> Sent: Tuesday, January 22, 2019 4:26:13 PM
> Subject: Re: Ruby 2.6 - Mass rebuild - postgresql-plruby
>
> On 22. 01. 19 at 9:59, Mamoru TASAKA wrote:
>
> > 3 postgresql-plruby-0.5.7-1.fc30.src.rpm
> > Build fails: https://koji.fedoraproject.org/koji/taskinfo?taskID=32181377
> > Succeeds for rawhide (ruby2.5)
> > https://koji.fedoraproject.org/koji/taskinfo?taskID=32181375
> > + ruby extconf.rb --vendor --with-safe-level=1
> > --with-pg-config=/usr/bin/pg_server_config
> > ...
> > ...
> > BUILDSTDERR: extconf.rb:175:in `directory?': Insecure operation - directory?
> > (SecurityError)
> > Perhaps related to ruby changes with regard to security model.
>
> This is an interesting issue. It fails at this line:
>
> https://github.com/devrimgunduz/postgresql-plruby/blame/master/extconf.rb#L170
>
> Similar reproducer IMO could be:
>
> ~~~
> $ ruby -e '$SAFE=1; Dir.foreach(".") {|d| File.directory?(d)}'
> ~~~
>
> This fails on Ruby 2.5 as well as Ruby 2.6, which is somehow expected given
> that the `d` is tainted. However, how come it passes in the extconf.rb
> for Ruby 2.5?
>
> IOW the workaround/fix could be as simple as `dir.untaint` but it does not
> explain why it worked and does not work anymore :/ Thoughts?
>
> Vít

Maybe I'm being silly, but doesn't it correspond to:

- $SAFE is a process global state and we can set 0 again. [Feature #14250] [1]

or to some of the related revisions, like $SAFE in ERB being deprecated?

(Note: procs, lambdas, threads, all share the same $SAFE level; and SAFE 1 and 0 are both considered 'unsafe'.)

I've seen 'Insecure operation' warnings in rubygem-gettext build too [2], but I do not yet know how to fix them.

[1] https://bugs.ruby-lang.org/issues/14250
[2] https://copr-be.cloud.fedoraproject.org/results/pvalena/ruby26-gems/fedora-rawhide-x86_64/00843822-rubygem-gettext/

Regards,
Pavel