Asp Forum
Home
|
Login
|
Register
|
Search
Forums
>
comp.lang.ruby
Taint mechanism
Olivier Sarrouy
7/2/2008 10:47:00 AM
Hi everyone,
I would like to ask a few question about the taint mechanism of ruby.
It seems that ruby taint mechanism doesn't care about indirect dataflow
to propagate the taint. For instance, if you got :
myVar1 = ARGV[0] <-- tainted
if myVar1 == "alice"
myVar2 = "Bob"
else
myVar2 = "Eve"
end
myVar2 should be tainted as there is an indirect dataflow from myVar1,
which is tainted, to myVar2. So I think it would be of a great thing to
be able to tackle indirect data flow, in order to be able to "prove"
some security properties on ruby programs.
Is this a choice from ruby core developers or would it be a potential
feature for the next ruby version ?
Thanks to all
Olivier
--
Posted via
http://www.ruby-...
.
Servizio di avviso nuovi messaggi
Ricevi direttamente nella tua mail i nuovi messaggi per
Taint mechanism
Inserendo la tua e-mail nella casella sotto, riceverai un avviso tramite posta elettronica ogni volta che il motore di ricerca troverà un nuovo messaggio per te
Il servizio è completamente GRATUITO!
x
Login to ForumsZone
Login with Google
Login with E-Mail & Password