Red Hat Bugzilla – Bug 199543
ruby safe-level bypass
Last modified: 2007-11-30 17:11:38 EST
Description of problem: A Vulneerability has been reported in Ruby, which can be exploited by malicious people to bypass certain security-level restrictions. Version-Release number of selected component (if applicable): all versions of Ruby, such as 1.6.x and 1.8.x without any exceptions. How reproducible: always Steps to Reproduce: 1.ruby alias_jvn83768862.patch 2. 3. Actual results: no exceptions. Expected results: $ ruby alias_jvn83768862.patch alias_jvn83768862.patch:9:in `p': calling insecure method: inspect (SecurityError) from alias_jvn83768862.patch:9 Additional info: thia affects to FC4 and FC5 as well.
Created attachment 132736 [details] testcase
obviously .patch is a typo. it should be s/.patch/.rb/, but anyway ;)
Fixed in: devel - 1.8.4-11.fc6 FC-5 - 1.8.4-8.fc5 FC-4 - 1.8.4-3.fc4
ruby-1.8.4-8.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.