Olivier Sarrouy
Hi everyone,
I would like to ask a few questions about the taint mechanism of Ruby.
It seems that Ruby's taint mechanism doesn't care about indirect dataflow
to propagate the taint. For instance, if you have:
    myVar1 = ARGV[0]  # <-- tainted
    if myVar1 == "alice"
      myVar2 = "Bob"
    else
      myVar2 = "Eve"
    end
myVar2 should be tainted as there is an indirect dataflow from myVar1,
which is tainted, to myVar2. So I think it would be a great thing to
be able to tackle indirect data flow, in order to be able to "prove"
some security properties on Ruby programs.
Is this a choice from Ruby core developers or would it be a potential
feature for the next Ruby version?
Thanks to all
Olivier
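
The indirect flow described in the post above, as an added example that is not part of the original post and does not use Ruby's built-in taint API: a toy tracker that labels values and, optionally, carries the label of a branch condition onto assignments made under that branch. `Labeled`, `TaintTracker`, `branch_on`, `assign` and `classify` are hypothetical names, and the input string is a constructed stand-in for `ARGV[0]`.

```ruby
# Toy label tracker (hypothetical names; not Ruby's built-in taint mechanism).
class Labeled
  attr_reader :value, :tainted

  def initialize(value, tainted)
    @value = value
    @tainted = tainted
  end
end

class TaintTracker
  def initialize(track_implicit:)
    @track_implicit = track_implicit
    @pc = [] # taint labels of the branch conditions currently being executed under
  end

  # Mark externally supplied data as tainted.
  def source(value)
    Labeled.new(value, true)
  end

  # Run a block whose control flow depends on `cond`.
  def branch_on(cond)
    @pc.push(cond.tainted)
    yield
  ensure
    @pc.pop
  end

  # Assign a constant: tainted only if implicit flows are tracked
  # and an enclosing branch condition is tainted.
  def assign(value)
    Labeled.new(value, @track_implicit && @pc.any?)
  end
end

# The snippet from the post, rewritten against the tracker.
def classify(tracker, input)
  my_var1 = tracker.source(input) # constructed stand-in for ARGV[0]
  my_var2 = nil
  tracker.branch_on(my_var1) do
    my_var2 = my_var1.value == "alice" ? tracker.assign("Bob") : tracker.assign("Eve")
  end
  my_var2
end

[false, true].each do |mode|
  r = classify(TaintTracker.new(track_implicit: mode), "alice")
  puts "track_implicit=#{mode}: #{r.value.inspect} tainted=#{r.tainted}"
end
```

A purely dynamic tracker like this one only labels assignments in the branch that actually executes; a variable left untouched by the branch not taken still carries information about the condition.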