Bug #2223
closed
lib/delegate: security model?
Description
=begin
Take the following code:
require 'delegate'
cat = "cat"
dog = SimpleDelegator.new("dog")
cat.untrust
dog.untrust
lambda {$SAFE = 4; cat.upcase!}.call # ==> "CAT"
lambda {$SAFE = 4; dog.upcase!}.call # ==> Security Error
Is that expected?
Maybe #trust, #untrust, #taint and #untaint should both call 'super' and forward the call to getobj?
I'm even less sure as to what to do with #tainted? and #untrusted? for mixed cases (i.e. when self and getobj have different taintedness/trust). Disallow these cases? return "super || getobj.tainted?" ?
=end
Updated by mame (Yusuke Endoh) over 14 years ago
- Assignee set to marcandre (Marc-Andre Lafortune)
- Target version set to 1.9.2
=begin
Hi,
Could you create and send a patch?
If rubyspec and make check passes, and if there is no objection,
please commit it by yourself.
You can handle #2224 and #2496 in a similar way. You have control.
--
Yusuke Endoh mame@tsg.ne.jp
=end
Updated by mame (Yusuke Endoh) over 14 years ago
=begin
Hi, Marc-andre
What's the status? Or should I do it myself?
Could you create and send a patch?
If rubyspec and make check passes, and if there is no objection,
please commit it by yourself.You can handle #2224 and #2496 in a similar way. You have control.
--
Yusuke Endoh mame@tsg.ne.jp
=end
Updated by marcandre (Marc-Andre Lafortune) over 14 years ago
=begin
Hi!
I've had very few spare time last month, sorry, but I'll close the few issues assigned to me soon (definitely in time for the release candidate)
Thanks!¶
Marc-André
=end
Updated by marcandre (Marc-Andre Lafortune) over 14 years ago
- Status changed from Open to Closed
- % Done changed from 0 to 100
=begin
This issue was solved with changeset r28376.
Marc-Andre, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
=end