Dne 22. 01. 19 v 9:59 Mamoru TASAKA napsal(a): > > 3 postgresql-plruby-0.5.7-1.fc30.src.rpm > Build fails: > https://koji.fedoraproject.org/koji/taskinfo?taskID=32181377 > Succeeds for rawhide (ruby2.5) > https://koji.fedoraproject.org/koji/taskinfo?taskID=32181375 > + ruby extconf.rb --vendor --with-safe-level=1 > --with-pg-config=/usr/bin/pg_server_config > ... > ... > BUILDSTDERR: extconf.rb:175:in `directory?': Insecure operation - > directory? (SecurityError) > Perhaps related to ruby changes with regard to security model. >
This is interesting issue. It fails at this line: https://github.com/devrimgunduz/postgresql-plruby/blame/master/extconf.rb#L170 Similar reproducer IMO could be: ~~~ $ ruby -e '$SAFE=1; Dir.foreach(".") {|d| File.directory?(d)}' ~~~ This fails on Ruby 2.5 as well as Ruby 2.6, what is somehow expected given that the `d` is tainted. However, how comes that it passes in the extconf.rb for Ruby 2.5? IOW the workarond/fix could be as simple as `dir.untaint` but it does not explain why it worked and does not work anymore :/ Thoughts? Vít
_______________________________________________ ruby-sig mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
