tainted symbols? - Ruby

  1. #1

    tainted symbols?

    irb(main):001:0> t = "p 'hello world'".taint
    => "p 'hello world'"
    irb(main):002:0> s = t.intern
    => :p 'hello world'
    irb(main):003:0> s.tainted?
    => false

    Is this a security vulnerability?

    --
    John Long
    http://wiseheartdesign.com
    John Guest

  2. #2

    Re: tainted symbols?

    John W. Long wrote:
     
    At first it appears to be since you can then do

    irb(main):006:0> $SAFE=1
    => 1
    irb(main):006:0> eval s.to_s
    "hello world"
    => nil

    However I don't think this will actually cause any security problems
    since you need to ask yourself why your program would take a string from
    an external source, convert it to a symbol and then back into a string
    again.


    --
    Mark Sparshatt



    Mark Guest

  3. #3

    Re: tainted symbols?

    > irb(main):001:0> t = "p 'hello world'".taint 

    I can't answer that, but see the following case:

    $SAFE=1

    ut = "'Hello world'" # untainted string
    us = ut.intern # untainted symbol

    t = gets.chomp # -> happens to be 'Hello world'
    s = t.intern # tainted

    now 'us' points to a tainted symbol... I think that would be
    undesirable...


    Carlos Guest

  4. #4

    Re: tainted symbols?

    >>>>> "C" == Carlos <com.ar> writes:

    C> t = gets.chomp # -> happens to be 'Hello world'
    C> s = t.intern # tainted

    svg% ruby -e 't = "aa"; t.taint; p t.intern.tainted?'
    false
    svg%



    Guy Decoux


    ts Guest

  5. #5

    Re: tainted symbols?

    > C> t = gets.chomp # -> happens to be 'Hello world' 

    It was a hypothetical example to show why I think it is a bad idea to
    transmit taint with #intern.


    Carlos Guest

  6. #6

    Re: tainted symbols?

    ---- Carlos wrote: ---- 

    I'm not quite sure what you are trying to point out here. In the above
    example 'us' would always be untainted. To my mind 'us' should have the same
    taint that the string it was created from had.

    --
    John Long
    http://wiseheartdesign.com




    John Guest

  7. #7

    Re: tainted symbols?

    >> $SAFE=1
    >
    > I'm not quite sure what you are trying to point out here. In the above
    > example 'us' would always be untainted. To my mind 'us' should have the same
    > taint that the string it was created from had.

    'us' and 's' refer to the same object.

    Symbols are like Fixnums; there is only one object for each different
    symbol. So, "aa".id != "aa".id, but "aa".intern.id == "aa".intern.id.



    Carlos Guest
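The identity point Carlos makes in post #7 is what decides the question raised in posts #1 through #5, so here is an added example (not code from the thread) that shows both sides of it. Because Object#taint and $SAFE no longer exist in current Ruby, the example models the old per-object taint flag with a small tracker keyed on object_id; TaintTracker, intern_dropping and intern_propagating are assumed names for this illustration, not Ruby API. The "dropping" policy is what Ruby 1.8 actually did (the Symbol comes back untainted, as Guy Decoux's one-liner shows), and the "propagating" policy is the alternative Carlos argues against.

```ruby
require 'set'

# Added example: a minimal taint tracker keyed on object identity, standing
# in for the per-object taint flag of the Ruby 1.8 / $SAFE era so the code
# runs on modern Ruby. The class and method names are assumed, not Ruby API.
class TaintTracker
  def initialize
    @tainted = Set.new
  end

  # Mark an object as coming from an untrusted source.
  def taint(obj)
    @tainted << obj.object_id
    obj
  end

  def tainted?(obj)
    @tainted.include?(obj.object_id)
  end

  # What Ruby 1.8 did (posts #1 and #4): the Symbol comes back clean.
  def intern_dropping(str)
    str.intern
  end

  # The alternative argued against in posts #3 and #5: carry the String's
  # taint over to the Symbol it interns to.
  def intern_propagating(str)
    sym = str.intern
    taint(sym) if tainted?(str)
    sym
  end
end

# Post #7: equal Strings are distinct objects ...
def string_identity
  a = "aa"
  b = "aa"
  [a == b, a.equal?(b)]           # => [true, false]
end

# ... but equal Symbols are one and the same object.
def symbol_identity
  "aa".intern.equal?("aa".intern) # => true
end

# Posts #1 and #2: with the dropping policy a round trip through a Symbol
# launders the taint: untrusted String -> Symbol -> String comes back clean.
def laundering_with_dropping_policy
  tr = TaintTracker.new
  input = tr.taint("p 'hello world'".dup)   # constructed stand-in for gets
  [tr.tainted?(input), tr.tainted?(tr.intern_dropping(input).to_s)]
end

# Post #3: with the propagating policy the taint leaks across the trust
# boundary, because the trusted and untrusted paths intern to one object.
def leak_with_propagating_policy
  tr = TaintTracker.new
  trusted_sym   = tr.intern_propagating("Hello world")   # untainted literal
  untrusted     = tr.taint("Hello world".dup)            # constructed stand-in for gets
  untrusted_sym = tr.intern_propagating(untrusted)
  {
    same_object:         trusted_sym.equal?(untrusted_sym),
    trusted_now_tainted: tr.tainted?(trusted_sym),
  }
end

if __FILE__ == $0
  p string_identity
  p symbol_identity
  p laundering_with_dropping_policy
  p leak_with_propagating_policy
end
```

Either policy has a cost: dropping the taint gives the laundering path from post #2 (which only matters if a program round-trips untrusted text through a Symbol and then evals it), while propagating it would mark the one shared Symbol for every holder, including code that built it from a trusted literal, which is exactly the leak post #3 describes.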
