Yukihiro Matsumoto
7/2/2008 2:45:00 PM
Hi,
In message "Re: Taint mechanism"
on Wed, 2 Jul 2008 19:47:21 +0900, Olivier Sarrouy <olivier.sarrouy@rennes.supelec.fr> writes:
|It seems that Ruby's taint mechanism doesn't care about indirect dataflow
|to propagate the taint. For instance, if you have:
|
|myVar1 = ARGV[0] # <-- tainted
|
|if myVar1 == "alice"
| myVar2 = "Bob"
|else
| myVar2 = "Eve"
|end
|
|myVar2 should be tainted as there is an indirect dataflow from myVar1,
|which is tainted, to myVar2. So I think it would be a great thing to
|be able to tackle indirect data flow, in order to be able to "prove"
|some security properties on Ruby programs.
We are not going to track indirect data flow in the future. Ruby's
taint mechanism is a tool to prevent foolish security flaws. We don't
need costly data flow analysis for the purpose. Simple direct data
flow tracking is enough.
matz.
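
The difference between direct and indirect flow discussed in this exchange, as an added example that is not part of the original thread: it does not use Ruby's built-in taint API (which was removed in Ruby 3.2) but a hypothetical `Tainted` wrapper, and all helper names and the sample input are constructed for illustration.

```ruby
# Toy model of direct taint tracking. The Tainted wrapper and every helper
# name here are hypothetical; this is not Ruby's built-in mechanism.
class Tainted
  attr_reader :value

  def initialize(value)
    @value = value
  end

  # Direct flow: a value computed from tainted data stays tainted.
  def +(other)
    Tainted.new(@value + (other.is_a?(Tainted) ? other.value : other))
  end

  # A comparison yields a plain boolean, so the label stops here.
  def ==(other)
    @value == (other.is_a?(Tainted) ? other.value : other)
  end
end

def carries_taint?(obj)
  obj.is_a?(Tainted)
end

# Direct flow: the result contains the input's characters.
def greeting(input)
  input + " logged in"
end

# Indirect flow, as in the quoted message: the input only picks a branch.
def pick_name(input)
  if input == "alice"
    "Bob"
  else
    "Eve"
  end
end

# Sink check of the kind direct tracking supports.
def run_command(arg)
  raise SecurityError, "tainted argument" if carries_taint?(arg)
  "ran: #{arg}"
end

USER_INPUT = Tainted.new("alice") # constructed stand-in for ARGV[0]
puts carries_taint?(greeting(USER_INPUT))   # direct flow keeps the label
puts carries_taint?(pick_name(USER_INPUT))  # indirect flow drops it
```

The sink rejects the concatenated string but accepts the branch-selected one, so a check built on direct tracking catches careless use of raw input and gives no guarantee about values that merely depend on it.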