samizdat-devel

Re: textdomain.rb Security Error - Insecure operation - exist?


From: Dmitry Borodaenko
Subject: Re: textdomain.rb Security Error - Insecure operation - exist?
Date: Sat, 3 Feb 2007 14:11:12 +0000

Boud,

Many thanks for this report! In fact, this particular error is the one
that made me lose my patience and implement the improved error
reporting, so that we would finally be able to nail it down :)

I don't think fiddling with cache.rb will help: language_list() is
never cached (it probably should be; I wonder how much performance it
will gain us). Besides, Samizdat never passes tainted data to
bindtextdomain(), it validates and untaints it. This means the data
got mysteriously re-tainted somewhere in GetText or even deeper in
Ruby itself.

I didn't look deeper into the GetText from Debian/stable (which will
very soon become old-stable anyway), but I suspect that untainting the
file name isn't very safe from a security point of view. If you can
replicate this bug (I couldn't catch it), try to find which of the
components of that File.join() is tainted, and only untaint it if
you're sure it only contains safe characters.

--
Dmitry Borodaenko
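
The check suggested in the message above, as an added example that is not part of the original post and is not Samizdat or Ruby-GetText code: it reports which components of a joined path are tainted and untaints a component only after it passes an allow-list. The method names, the allow-list pattern and the assumption that the joined path has the usual gettext layout (`<localedir>/<lang>/LC_MESSAGES/<domain>.mo`) are illustrative.

```ruby
# Added illustration; method names and the allow-list are assumptions,
# not taken from Samizdat or Ruby-GetText.
SAFE_COMPONENT = /\A[A-Za-z0-9_][A-Za-z0-9_.@-]*\z/

# Object#tainted? was deprecated in Ruby 2.7 and removed in 3.2,
# so probe for it instead of calling it unconditionally.
def taint_supported?
  String.new.respond_to?(:tainted?)
end

# Returns the names of the components that are tainted
# (always [] when the interpreter has no taint tracking).
def tainted_components(parts)
  return [] unless taint_supported?
  parts.select { |_name, value| value.tainted? }.keys
end

# Validates one path component and returns a clean copy, untainted where
# the interpreter supports it. Raises rather than untainting bad input.
def checked_component(name, value)
  unless value.is_a?(String) && value =~ SAFE_COMPONENT && !value.include?('..')
    raise ArgumentError, "unsafe #{name}: #{value.inspect}"
  end
  copy = value.dup
  copy.respond_to?(:untaint) ? copy.untaint : copy
end

# Builds <localedir>/<lang>/LC_MESSAGES/<domain>.mo from a base directory
# taken from trusted configuration and two validated components.
def mo_path(localedir, lang, domain)
  File.join(localedir,
            checked_component(:lang, lang),
            'LC_MESSAGES',
            checked_component(:domain, domain) + '.mo')
end

if __FILE__ == $0
  parts = { lang: 'ru', domain: 'samizdat' }  # constructed sample input
  puts "tainted: #{tainted_components(parts).inspect}"
  puts mo_path('/usr/share/locale', parts[:lang], parts[:domain])
end
```
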



