ruby-dev summary 26128-26222

Minero Aoki

Hi all,

This is a summary of the ruby-dev ML over the last few days.

[ruby-dev:26100] FileUtils.rm_rf security problem (contd.)

TANAKA Akira reported a local vulnerability in FileUtils.rm_r.
This problem is known as the TOCTTOU (time-of-check-to-time-of-use)
problem. For details of this vulnerability, see the following cases:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0448
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452

Minero Aoki, the maintainer of fileutils.rb, implemented several
versions of rm_r but they are still incomplete.

This issue is still open.

[ruby-dev:26128] ruby needs two Ctrl-C for termination

Tanaka Akira reported that ruby does not exit on a single Ctrl-C
with the following program:

trap(:INT, "EXIT")
Thread.start { Thread.pass }
STDIN.sysread(4096)

This issue is still open.

[ruby-dev:26132] Hash#hash on 1.9

H.Yamamoto reported that Hash#hash returns different hash values
for the same hash table:

% ruby -e '
h = {1=>nil, 2=>nil, []=>nil, {}=>nil, 5=>nil}
p h.hash
p h.clone.hash
'
3640
10552

Matz resolved this problem by removing custom Hash#hash and Hash#eql?.

[ruby-dev:26156] ruby 1.8.3 preview1

Matz released ruby 1.8.3 preview1.
Here is a list of known bugs. This list includes additional items.

[ruby-dev:24243] Re: private load and Module.nesting
[ruby-dev:26010] rb_attr_get may warn
[ruby-dev:26100] FileUtils.rm_rf security problem
[ruby-dev:26128] ruby needs two ^C for termination

[ruby-core:4622] tempfile.rb
[ruby-core:4326] RDoc parse_c.rb for C ext libs consisting of many *.c files
[ruby-core:4328] Re: RDoc parse_c.rb for C ext libs consisting of many *.c files
[ruby-core:4302] [PATCH] RDoc parse_rb.rb: Logic for def Builtin.method() end
[ruby-core:4572] [PATCH] RDoc - :nodoc: and macro in C
[ruby-core:4869] [BUG] Infinite loop on YAML.dump (Re: ruby-list:40801)

Masahiro Tomita claimed that ruby should not warn when loading
getopts with $VERBOSE=false. Matz agreed with him. In addition,
WATANABE Hirofumi said that optparse.rb is too difficult to use;
he recommended bundling ropt instead. For details of ropt, refer
to RAA:

http://raa.ruby-lang.org/project/ropt/

[ruby-dev:26180] glob without String

Nobuyoshi Nakada posted a patch which allows rb_glob() call
before ruby_init(). This patch was incorporated.


-- Minero Aoki

ruby-dev summary index:
http://i.loveruby.net/en/ruby-dev-summary.html
 
Aredridel

Masahiro Tomita claimed that ruby should not warn when loading
getopts with $VERBOSE=false. Matz agreed with him. In addition,
WATANABE Hirofumi said that optparse.rb is too difficult to use;
he recommended bundling ropt instead. For details of ropt, refer
to RAA:

http://raa.ruby-lang.org/project/ropt/

My first thought is that the optparse API is much nicer -- it could be
simplified slightly without losing anything, but ropt looks more
difficult, even if it is more succinct.

Ari
 
Daniel Berger

Aredridel said:
My first thought is that the optparse API is much nicer -- it could be
simplified slightly without losing anything, but ropt looks more
difficult, even if it is more succinct.

Ari

I concur. Folks would do well to take a look at Perl's Getopt::Std and
Getopt::Long (or elsewhere) to see how they do things instead of
reinventing a very old wheel. And no, Ruby's GetoptLong is not where
it should be.

Regards,

Dan
 
Michael Campbell



ropt looks more like what I'm used to in the unix world; I think
regardless of the bundling status, I'll be using it for my apps.
Thanks for bringing this to my attention!

My first thought is that the optparse API is much nicer -- it could be
simplified slightly without losing anything, but ropt looks more
difficult, even if it is more succinct.

So much for your minimalist nature, eh Aredridel? ;-) (Referring to
your quip last night on IRC re: vi/emacs...) <wink>
 
Michael Campbell

My first thought is that the optparse API is much nicer -- it could be

I concur. Folks would do well to take a look at Perl's Getopt::Std and
Getopt::Long (or elsewhere) to see how they do things instead of
reinventing a very old wheel. And no, Ruby's GetoptLong is not where
it should be.

? perl's getopt::Std looks pretty much like what ropt looks like... no?

http://perldoc.perl.org/Getopt/Std.html
 
Eric Hodel

My first thought is that the optparse API is much nicer -- it could be
simplified slightly without losing anything, but ropt looks more
difficult, even if it is more succinct.

What I like about optparse is that it is so simple to get a usage
message out of it, and for files with many options, this is handy.

For files with very few options, optparse requires too much typing.
 
Eric Hodel

I don't think so. It seems to me you can leave out a great quantity of
the optparse pooky if you want to keep things simple:


require 'optparse'
require 'ostruct'
opt = OpenStruct.new
p = OptionParser.new {|p|
  p.on('-c C') {|o| opt.color = o}
  p.on('-i I', Integer) {|o| opt.int = o}
}.parse!
puts "color is: #{opt.color} (#{opt.color.class})"
puts "integer is: #{opt.int} (#{opt.int.class})"

6 lines too many (counting my shebang with -s):

$ cat x.rb
#!/usr/local/bin/ruby -ws

puts "color is #{$c}" if defined? $c
puts "integer is #{$i}" if defined? $i
$ ./x.rb -c=blue -i=99
color is blue
integer is 99

Maybe the problem is with optparse documentation. I started with the
comment in the code and kept chucking until I got to what is above.

You could also replace OpenStruct with a Hash.
 
Eric Hodel

Sure, if -s is sufficient for your purposes.

Exactly, when -s is sufficient, optparse is overkill. When it is
insufficient, optparse works great.

As for me, I don't like how it clobbers globals. What if someone
invokes your -s enabled script with the option '-stdout' ?

Then that someone hasn't read -h, which is tough for them. If people
want to specify undocumented options to scripts they can live with
the consequences.

Well, I guess I don't understand the issue. optparse is concise
enough for me, in comparison with other means of parsing options
like getoptlong.

I use the simplest thing that works. Sometimes that is ruby -s,
other times that is optparse, and other times it is if ARGV.first ==
"-e" then ... end. I wish I could use optparse all the time, but it
often involves too much typing for too little gain.
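
The '-stdout' question in the exchange above is about undeclared switches turning into program state. As an added example (not code from any poster in this thread), the sketch below uses OptionParser as an allowlist and returns a Hash instead of an OpenStruct, as suggested earlier; `parse_cli` and the sample command lines are constructed for illustration.

```ruby
require 'optparse'

# Parse argv against an explicit allowlist of options and return a Hash.
# Only -c and -i (the two options used in the thread) are declared; anything
# else is reported as an error instead of becoming program state.
def parse_cli(argv)
  opts = {}
  parser = OptionParser.new do |o|
    o.on('-c C') { |v| opts[:color] = v }
    o.on('-i I', Integer) { |v| opts[:int] = v }   # value must parse as an Integer
  end
  rest = parser.parse(argv)   # non-destructive: argv itself is left intact
  { ok: true, opts: opts, rest: rest }
rescue OptionParser::ParseError => e
  # InvalidOption, InvalidArgument and MissingArgument all inherit from ParseError.
  { ok: false, error: e.message }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample command lines: one valid, one undeclared switch,
  # one badly typed value, one missing argument.
  [%w[-c blue -i 99], %w[-stdout], %w[-i ninety-nine], %w[-c]].each do |argv|
    puts "#{argv.inspect} => #{parse_cli(argv).inspect}"
  end
end
```
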
 
nobu.nokada

Hi,

At Sun, 5 Jun 2005 00:35:11 +0900,
Aredridel wrote in [ruby-talk:144547]:
My first thought is that the optparse API is much nicer -- it could be
simplified slightly without losing anything, but ropt looks more
difficult, even if it is more succinct.

ropts also is nice enough as OO-style, and closer to getopts,
so I guess it would be one of the good choices to port from
getopts.
 
