Insecure operation

 
 
rasfast@gmail.com
      08-26-2008
Hello!

I'm trying to make a CGI script which uses modules from Rails, and
I've got a "Security Error". I have read posts about taint/untaint,
but nothing helps. Could you advise something?

Details:
FreeBSD 6.3-STABLE
Rails 2.1.0
Ruby 1.8.6
Apache 2.2 + mod_ruby (for CGI) + latest Phusion Passenger + latest
Ruby Enterprise (for Rails)

Script:
require 'cgi'
require '../config/environment'
# I don't know how to get GET vars in another way
# (CGI::parse returns key => [values]; keep the first value of each key)
params = CGI::parse( ENV['QUERY_STRING'] ).inject({}) { |h, (key, el)| h[key] = el.first; h }
# ContrSeller is an existing model
seller = ContrSeller.find( :first, :conditions => { :id => params['seller_id'], :password => params['pass'] } )

Error:
mod_ruby: error in ruby
mod_ruby: /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/
active_support/dependencies.rb:169:in `file?': Insecure operation -
file? (SecurityError)

I can put a full error output here, but it's not needed.
I have tried to untaint() params variable and its values, but no
success.
 
rasfast@gmail.com
      08-27-2008
On 26 Aug, 21:04, (E-Mail Removed) wrote:
> I can put a full error output here, but it's not needed.


Here is a full error report:
mod_ruby: error in ruby
mod_ruby: /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/
active_support/dependencies.rb:169:in `file?': Insecure operation -
file? (SecurityError)
mod_ruby: from /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.0/
lib/active_support/dependencies.rb:169:in `search_for_file'
mod_ruby: from /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.0/
lib/active_support/dependencies.rb:167:in `each'
mod_ruby: from /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.0/
lib/active_support/dependencies.rb:167:in `search_for_file'
mod_ruby: from /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.0/
lib/active_support/dependencies.rb:258:in `load_missing_constant'
mod_ruby: from /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.0/
lib/active_support/dependencies.rb:483:in `const_missing'
mod_ruby: from ./pcapi.rb:6:in `new_session'
mod_ruby: from /home/gs/data/www/pc.gorodskidok.com/api/api.rbx:43
mod_ruby: from /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.0/
lib/active_support/dependencies.rb:502:in `load'
mod_ruby: from /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.0/
lib/active_support/dependencies.rb:502:in `load'
mod_ruby: from /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.0/
lib/active_support/dependencies.rb:354:in `new_constants_in'
mod_ruby: from /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.0/
lib/active_support/dependencies.rb:502:in `load'
mod_ruby: from /usr/local/lib/ruby/site_ruby/1.8/apache/ruby-run.rb:
53:in `handler'


I have tried
$SAFE = 0
But it returns an error that security level cannot be downgraded.
 