comp.lang.ruby
Security Gotcha with $:
John Carter
3/2/2005 12:38:00 AM
1 Answer
Eric Hodel
3/2/2005 9:13:00 PM
On 01 Mar 2005, at 16:37, John Carter wrote:
> I have just stumbled on a small security Gotcha in my code, that is
> probably common to quite a lot of code...
[snip]
> So a Bad Hat (or just plain Murphy as in Murphy's Law) could put his
> own nasty version of MyModule.rb on the current working directory and
> there after your App does Strange Things.
>
> Solution 1:
>
> $:.unshift "/The/place/where/my/ruby/modules/live"
>
> I don't like that as then if Murphy places anything with a module name
> that is the same as a system module in
> "/The/place/where/my/ruby/modules/live"
> then suddenly all system modules start behaving in mysterious ways.

This one is common.

> Solution 2:
>
> $:.reject!{|p| p[0] != ?/} # Only allow absolute paths
>
> $: << "/The/place/where/my/ruby/modules/live"
>
> require 'MyModule'

Solution 3:

Use RUBYLIB:

$ env | grep RUBY
RUBYLIB=/Users/drbrain/lib/ruby/
$ ruby -e 'p $:'
["/Users/drbrain/lib/ruby/", "/usr/local/lib/ruby/site_ruby/1.8",
"/usr/local/lib/ruby/site_ruby/1.8/powerpc-darwin7.7.0",
"/usr/local/lib/ruby/site_ruby", "/usr/local/lib/ruby/1.8",
"/usr/local/lib/ruby/1.8/powerpc-darwin7.7.0", "."]
[ ~/Work/svn/robotcoop/hugster/trunk ]
--
Eric Hodel - drbrain@segment7.net -
http://se...
FEC2 57F1 D465 EB15 5D6E 7C11 332A 551C 796C 9F04
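
Added example, not part of the original thread: a Ruby sketch of the quoted Solution 2 (drop relative entries from `$:`, then append the application directory last), extended with a check for world-writable entries. The helper names, the simplified `resolve` lookup and the temporary directories are assumptions constructed for the demonstration.

```ruby
require 'tmpdir'
require 'fileutils'

# Quoted Solution 2: keep only absolute entries (Unix-style paths assumed),
# then append app_dir last so system libraries are still found first.
def hardened_load_path(load_path, app_dir)
  raise ArgumentError, 'app_dir must be absolute' unless app_dir.start_with?('/')
  (load_path.map(&:to_s).select { |p| p.start_with?('/') } + [app_dir]).uniq
end

# Directories any local user can write to: a file planted there shadows the
# real library just as a file in "." would.
def world_writable_entries(load_path)
  load_path.select { |p| File.directory?(p) && (File.stat(p).mode & 0o002) != 0 }
end

# Simplified model of require's search: the first directory that has the file wins.
def resolve(feature, load_path)
  load_path.each do |dir|
    candidate = File.join(dir, "#{feature}.rb")
    return File.expand_path(candidate) if File.file?(candidate)
  end
  nil
end

# Constructed scenario: a planted MyModule.rb in the working directory and the
# genuine one in the application directory.
def demo
  Dir.mktmpdir do |tmp|
    root = File.realpath(tmp)
    cwd = File.join(root, 'cwd')
    app = File.join(root, 'app')
    FileUtils.mkdir_p([cwd, app])
    planted = File.join(cwd, 'MyModule.rb')
    genuine = File.join(app, 'MyModule.rb')
    File.write(planted, "# planted copy\n")
    File.write(genuine, "# genuine copy\n")
    Dir.chdir(cwd) do
      before = ['.', app] # "." already on the path when app is appended
      after = hardened_load_path(before, app)
      { planted: planted, genuine: genuine, path: after,
        before: resolve('MyModule', before), after: resolve('MyModule', after) }
    end
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

With `"."` still on the path the lookup lands on the planted file; after filtering, only the application directory's copy is reachable.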