[Christian Hofstaedtler]
> I'm attaching two test programs that both raise a SecurityError on
> ruby2.2 in sid, but run through on ruby2.1 in jessie. They only
> cover two Fiddle cases, and no DL cases, though.
Thank you very much!. But the second fail with ruby2.1 today:
% for f in *; do echo $f; ruby $f; done
cve-2009-5147-fiddle-01.rb
"/lib/x86_64-linux-gnu/libm.so.6"
"/lib/x86_64-linux-gnu/libm.so.6"
3.0
cve-2009-5147-fiddle-02.rb
cve-2009-5147-fiddle-02.rb:18:in `call': tainted parameter not allowed
(SecurityError)
from cve-2009-5147-fiddle-02.rb:18:in `<main>'
%
How come?
--
Happy hacking
Petter Reinholdtsen