Red Hat Bugzilla – Bug 199538
Insecure operations in the certain safe-level restrictions
Last modified: 2007-11-30 17:11:38 EST
Description of problem:
Vulnerabilities has been reported in Ruby, which can be proceeded insecure
operations that originally wasn't expected in the certain safe-level restrictions.
Version-Release number of selected component (if applicable):
all versions of Ruby without any exceptions, such as 1.6.x and 1.8.x.
Steps to Reproduce:
$ ruby dir_jvn13947696.rb
dir_jvn13947696.rb:5:in `read': Insecure: operation on untainted Dir (SecurityError)
from dir_jvn13947696.rb:3:in `join'
$ ruby dir_jvn13947696_2.rb
dir_jvn13947696_2.rb:5:in `close': Insecure: can't close (SecurityError)
from dir_jvn13947696_2.rb:3:in `join'
This affects to FC4 and FC5 as well.
Created attachment 132732 [details]
Created attachment 132733 [details]
Created attachment 132734 [details]
Forgot to mention one more.
$ ruby regexp_jvn13947696.rb
regexp_jvn13947696.rb:5:in `initialize': Insecure: can't modify regexp
from regexp_jvn13947696.rb:3:in `join'
devel - 1.8.4-11.fc6
FC-5 - 1.8.4-8.fc5
FC-4 - 1.8.4-3.fc4
ruby-1.8.4-8.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.