From: Austin Ziegler <halostatue@gmail.com>
To: Ruby developers <ruby-core@ruby-lang.org>
Subject: [ruby-core:95398] Re: [Ruby master Feature#16131] Remove $SAFE, taint and trust
Date: Thu, 17 Oct 2019 12:19:08 -0400 [thread overview]
Message-ID: <CAJ4ekQtP=ixzfiLN1Fj+X9HSW5WrW0Kq9HWE9p83c-5ZjFvVHg@mail.gmail.com> (raw)
In-Reply-To: <redmine.journal-82110.20191017155223.52466a5dc7b43091@ruby-lang.org>
[-- Attachment #1.1: Type: text/plain, Size: 4065 bytes --]
If the gems in question have updates available via RubyGems, I would
recommend that the major versions on these be bumped so that restrictions
can be handled better for applications. I _never_ hard-drop a Ruby version
without changing the major on any of the gems that I support.
-a
On Thu, Oct 17, 2019 at 11:52 AM <merch-redmine@jeremyevans.net> wrote:
> Issue #16131 has been updated by jeremyevans0 (Jeremy Evans).
>
>
> The blocker on merging the pull request is that test-bundled-gems is
> failing due to the `rake` test failure.
> https://github.com/ruby/rake/pull/329 needs to be merged (and I don't
> have permissions to merge it), and a new rake released and bundled with
> Ruby.
>
> I checked and Bundler and Rubygems are the only libraries affected that
> use external upstreams. All other affected libraries (default gems) are
> under the ruby organization on GitHub. We need to decide how we want to
> handle these:
>
> Default gems without extensions
>
> ```
> fileutils
> irb
> reline
> rexml
> rss
> webrick
> ```
>
> Default gems with extensions:
>
> ```
> bigdecimal
> date
> dbm
> etc
> fiddle
> gdbm
> io-console
> openssl
> psych
> stringio
> strscan
> zlib
> ```
>
> Are we OK with just removing the calls to taint/untaint? I'm not sure,
> but I believe that may cause issues when using previous versions of Ruby.
> The simplest fix here is to set the required ruby version in the related
> gemspecs to 2.6.99 to allow 2.7.0 preview/beta versions and above to work.
> That will mean older versions of Ruby cannot install newer versions of the
> gems. Is that acceptable?
>
> ----------------------------------------
> Feature #16131: Remove $SAFE, taint and trust
> https://bugs.ruby-lang.org/issues/16131#change-82110
>
> * Author: naruse (Yui NARUSE)
> * Status: Open
> * Priority: Normal
> * Assignee:
> * Target version:
> ----------------------------------------
> Ruby had Taint checking which is originally introduced in Perl.
> https://en.wikipedia.org/wiki/Taint_checking
>
> It was intended to provide a useful tool for handle objects which are come
> from outside.
> Input data is set as tainted by default and call untaint if you checked or
> filtered the value.
> Some people used this feature in the age of CGI.
>
> But these days, no one use the mechanism and input libraries usually
> doesn't support it.
> For example rack, as following shows its input is not tainted and the
> mechanism is unusable.
>
> ```
> % cat foo.ru
> run ->(env) do
> ['200', {'Content-Type' => 'text/plain'}, ["Is QUERY_STRING tainted?:
> #{env["QUERY_STRING"].tainted?}"]]
> end
> % rackup foo.ru
> [51724] Puma starting in cluster mode...
> [51724] * Version 3.12.1 (ruby 2.6.3-p62), codename: Llamas in Pajamas
> [51724] * Min threads: 3, max threads: 3
> [51724] * Environment: development
> [51724] * Process workers: 1
> [51724] * Preloading application
> [51724] * Listening on tcp://localhost:9292
> [51724] Use Ctrl-C to stop
> [51737] + Gemfile in context: /Users/naruse/work/td-cdp-api/Gemfile
> [51724] - Worker 0 (pid: 51737) booted, phase: 0
> ```
>
> ```
> % curl http://localhost:9292/\?foo=1
> Is QUERY_STRING tainted?: false
> ```
>
> Therefore I think Taint checking mechanism is unusable on the current Ruby
> ecosystem.
>
> On the other hand we experienced multiple vulnerability around $SAFE and
> taint mechanism.
>
> https://cse.google.com/cse?q=taint&cx=008288045305770251182%3Afvruzsaknew&ie=UTF-8
> The cost of maintaining it is expensive.
>
> In conclusion, I think the taint mechanism is too expensive to maintain
> for the merit of it.
> I suggest to remove it.
>
>
>
> --
> https://bugs.ruby-lang.org/
>
> Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>
>
--
Austin Ziegler • halostatue@gmail.com • austin@halostatue.ca
http://www.halostatue.ca/ • http://twitter.com/halostatue
[-- Attachment #1.2: Type: text/html, Size: 5827 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
next prev parent reply other threads:[~2019-10-17 16:19 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <redmine.issue-16131.20190829071434@ruby-lang.org>
2019-08-29 7:14 ` [ruby-core:94657] [Ruby master Feature#16131] Remove $SAFE, taint and trust naruse
2019-12-16 3:10 ` [ruby-core:96254] " Eric Wong
2019-12-20 1:38 ` [ruby-core:96356] " Shugo Maeda
2019-08-29 15:46 ` [ruby-core:94669] " merch-redmine
2019-08-29 18:49 ` [ruby-core:94670] " jean.boussier
2019-08-29 19:43 ` [ruby-core:94671] " merch-redmine
2019-08-30 4:41 ` [ruby-core:94677] " mame
2019-08-30 8:49 ` [ruby-core:94682] " hsbt
2019-08-30 16:19 ` [ruby-core:94686] " daniel
2019-08-30 16:57 ` [ruby-core:94687] " daniel
2019-08-30 17:29 ` [ruby-core:94688] " merch-redmine
2019-08-30 17:45 ` [ruby-core:94689] " daniel
2019-09-02 5:57 ` [ruby-core:94722] " mame
2019-09-07 11:40 ` [ruby-core:94827] " eregontp
2019-09-19 8:00 ` [ruby-core:94979] " matz
2019-09-19 13:26 ` [ruby-core:94989] " headius
2019-09-21 7:17 ` [ruby-core:95013] " merch-redmine
2019-09-25 4:08 ` [ruby-core:95075] " merch-redmine
2019-10-04 16:17 ` [ruby-core:95228] " merch-redmine
2019-10-17 6:59 ` [ruby-core:95387] " mame
2019-10-17 15:52 ` [ruby-core:95397] " merch-redmine
2019-10-17 16:19 ` Austin Ziegler [this message]
2019-10-18 3:28 ` [ruby-core:95410] " mame
2019-10-18 5:44 ` [ruby-core:95412] " merch-redmine
2019-10-18 22:26 ` [ruby-core:95425] " merch-redmine
2019-10-30 20:54 ` [ruby-core:95594] " merch-redmine
2019-11-11 17:14 ` [ruby-core:95795] " mame
2019-11-11 17:55 ` [ruby-core:95797] " merch-redmine
2019-11-11 18:43 ` [ruby-core:95800] " daniel
2019-11-11 18:56 ` [ruby-core:95802] " merch-redmine
2019-11-11 23:50 ` [ruby-core:95805] " mame
2019-11-12 3:50 ` [ruby-core:95807] " hsbt
2019-11-15 14:57 ` [ruby-core:95858] " merch-redmine
2019-11-17 23:14 ` [ruby-core:95871] " merch-redmine
2019-11-30 9:27 ` [ruby-core:96036] " hsbt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.ruby-lang.org/en/community/mailing-lists/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJ4ekQtP=ixzfiLN1Fj+X9HSW5WrW0Kq9HWE9p83c-5ZjFvVHg@mail.gmail.com' \
--to=ruby-core@ruby-lang.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).