Project

General

Profile

Actions

Feature #2710

closed

Kernel#load loads a relative path

Added by brixen (Brian Shirai) about 14 years ago. Updated over 6 years ago.

Status:
Rejected
Target version:
[ruby-core:28036]

Description

=begin
It was my understanding that Kernel#require was changed to not load a relative path because of a security issue (http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/24155). Does this security issue not apply to Kernel#load, too? Have I misunderstood the expected behavior?

$ cat a.rb
puts 1

$ cat b.rb
load 'a.rb'
require 'a.rb'

$ ruby1.8.7 -v b.rb
ruby 1.8.7 (2009-12-24 patchlevel 248) [i686-darwin9.8.0]
1
1

$ ruby1.9 -v b.rb
ruby 1.9.2dev (2010-02-03 trunk 26546) [i386-darwin9.8.0]
1
b.rb:2:in require': no such file to load -- a.rb (LoadError) from b.rb:2:in '

$ RUBYLIB=. ruby1.9 -v b.rb
ruby 1.9.2dev (2010-02-03 trunk 26546) [i386-darwin9.8.0]
1
1

Thanks,
Brian
=end

Actions #1

Updated by dolzenko (Evgeniy Dolzhenko) about 14 years ago

=begin
The same question here using ruby 1.9.2dev (2010-03-09 trunk 26858) [i686-linux], any update?
=end

Actions #2

Updated by mame (Yusuke Endoh) almost 14 years ago

  • Assignee set to akr (Akira Tanaka)

=begin
Hi,

akr, what do you think about this ticket?

--
Yusuke Endoh
=end

Actions #3

Updated by mame (Yusuke Endoh) almost 14 years ago

  • Target version changed from 1.9.2 to 2.0.0

=begin
Hi,

akr said in [ruby-core:29715]:

I think Roger's idea (load() don't see the library load path) is good.

Then, at least, the concern that this ticket is raising is not a bug.

In addition, it is arguable (to me) whether or not the library load paths
should be removed from load()'s search paths.
At least, such a spec change is not acceptable for 1.9.2.

Thus, I move this ticket to 1.9.x Feature tracker.

--
Yusuke Endoh
=end

Actions #4

Updated by shyouhei (Shyouhei Urabe) over 13 years ago

  • Status changed from Open to Assigned

=begin

=end

Updated by ko1 (Koichi Sasada) over 11 years ago

  • Description updated (diff)
  • Target version changed from 2.0.0 to 2.6

I changed target to next minor because no discussion on it.

Updated by mame (Yusuke Endoh) over 6 years ago

Closing this because of no discussion for seven years. I think it is too late to change the behavior just for consistency.

Actions #7

Updated by mame (Yusuke Endoh) over 6 years ago

  • Status changed from Assigned to Rejected
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0