[PATCH] freeze required_paths in gem_prelude.rb

山口と申します。
1.9 においてセーフレベル4環境から $LOAD_PATH
の書き換えられるのを防止するパッチを投稿致します。

現在 1.9 では gem_prelude.rb において追加されている
gem の各パスが freeze
されていないため、次のようにしてセーフレベル4環境から
$LOAD_PATH を書き換えられる可能性があります。

# Reproduction from the report: code running at $SAFE = 4 can still change
# $LOAD_PATH entries in place when an entry is a tainted, unfrozen String.
# The array is not reassigned; only the String objects it holds are modified,
# which is why freezing each path string closes this particular route.
# NOTE(review): $SAFE level 4 was removed in Ruby 2.1 and the taint methods in
# Ruby 3.2, so this applies only to the historical interpreters under discussion.
Thread.new do
# Set the safe level to 4 inside the new thread before evaluating the snippet.
$SAFE = 4
# The quoted code is evaluated at that level. For every load-path entry that is
# tainted and not frozen, String#replace overwrites the entry's contents.
eval %q{
$LOAD_PATH.each do |path|
if path.tainted? and not path.frozen?
path.replace("/usr/lib")
end
end
}
# Wait for the thread so the effect on $LOAD_PATH is visible to the caller.
end.join

gem
の各パスを書き換えることの利点はないと思いますので、これらは予め
freeze しておくのが良いと思われます。いかがでしょうか。

Index: gem_prelude.rb

— gem_prelude.rb (revision 17572)
+++ gem_prelude.rb (working copy)
@@ -174,6 +174,9 @@
unless require_paths.empty?
require_paths.first.instance_variable_set(:@gem_prelude_index,
true)
end
+

  •    require_paths.each {|path| path.freeze }
    
  •    # gem directories must come after -I and ENV['RUBYLIB']
       $:[$:.index(ConfigMap[:sitelibdir]),0] = require_paths
     end
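Review bot: The added `require_paths.each {|path| path.freeze }` carries no comment saying why the strings are frozen or why it has to stay below the `instance_variable_set(:@gem_prelude_index, true)` call. Setting an instance variable on a frozen String raises, so a later reordering of these two statements would break the prelude. I would put `# freeze so $SAFE=4 code cannot rewrite these paths in place; must stay after instance_variable_set` directly above the new line. The hunk freezes only the gem paths built here, so any other tainted, unfrozen entry already in `$:` presumably stays mutable from safe level 4 and would need its own check. The enclosing method starts and ends outside the hunk.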
    

e$BKL3$F;Bg3XBg3X1!J83X8&5f2J@lLg8&5f0we(B
e$B;38}7DB@e(B
[email protected]

遠藤です。

2008/06/25 22:11 Keita Y. [email protected]:

1.9 e$B$K$*$$$F%;!<%U%l%Y%ke(B4e$B4D6-$+$ie(B $LOAD_PATH e$B$N=q$-49$($i$l$k$N$rKI;_$9$k%Q%C%A$rEj9FCW$7$^$9!#e(B

ご報告＆パッチの投稿ありがとうございます。

第三者的意見ですが、このように脆弱性になりそうな話は
[email protected]
に投稿して頂く方がいいかと思います。

よろしくお願いします。

まつもと ゆきひろです

In message “Re: [ruby-dev:35228] Re: [PATCH] freeze required_paths in
gem_prelude.rb”
on Wed, 25 Jun 2008 23:00:43 +0900, “Yusuke ENDOH” [email protected]
writes:

|2008/06/25 22:11 Keita Y. [email protected]:
|> 1.9 e$B$K$*$$$F%;!<%U%l%Y%ke(B4e$B4D6-$+$ie(B $LOAD_PATH e$B$N=q$-49$($i$l$k$N$rKI;_$9$k%Q%C%A$rEj9FCW$7$^$9!#e(B
|
|e$B$4Js9p!u%Q%C%A$NEj9F$"$j$,$H$&$4$6$$$^$9!#e(B

e$B;d$+$i$b$Ni$r8@$$$^$9!#$3$N%Q%C%A$O<h$j9~$s$G$$-$^$9$M!#e(B

|e$BBh;0<TE*0U8+$G$9$,!"$3$N$h$&$K@H<e@-$K$J$j$=$&$JOC$Oe(B
| [email protected]
|e$B$KEj9F$7$FD:$/J}$,$$$$$+$H;W$$$^$9!#e(B

セーフレベル4に関してはこちらでも構わないと思います。正直な
ところ、セーフレベル4は「努力目標」的なところもありますから。

e$B$G!“A0!9$+$i$3$Ne(Btainte$B$5$l$?%*%V%8%'%/%H$r=q$-49$($i$l$k$3$He(B
e$B$O5$$K$J$C$F$$$F!“30It$+$iF~NO$5$l$?$3$H$KM3Mh$9$ke(Btainte$B$H!“e(B
e$B%;!<%U%l%Y%ke(B3e$B0[>o$G@8@.$5$l$?$3$H$KM3Mh$9$ke(Btainte$B$OJ,N%$7$?J}e(B
e$B$,$h$$$N$G$O$J$$$+$H$b9M$($F$$$^$9!#$7$+$7!”:#EY$O%f!<%6$KFse(B
e$B<oN`$N1x@w$rG’CN$7$F$b$i$&I,MW$,$”$k$o$1$G!”$=$l$>$l$KL>A0$be(B
e$BI,MW$G$9$7!“$=$l$O$=$l$G:$Fq$JF;$@$h$J$”$H;W$&$H$3$m$G$b$"$je(B
e$B$^$9!#e(B

                            e$B$^$D$b$He(B e$B$f$-$R$me(B /:|)

卜部です。

Yukihiro M. e$B$5$s$O=q$-$^$7$?e(B:

|e$BBh;0<TE*0U8+$G$9$,!"$3$N$h$&$K@H<e@-$K$J$j$=$&$JOC$Oe(B
| [email protected]
|e$B$KEj9F$7$FD:$/J}$,$$$$$+$H;W$$$^$9!#e(B

e$B%;!<%U%l%Y%ke(B4e$B$K4X$7$F$O$3$A$i$G$b9=$o$J$$$H;W$$$^$9!#e(B

e$B$s$J$o$-$c$J$$$G$9!#E,Ev$J$3$H$r8@$o$J$$$G$/$@$5$$!#$I$3$+$iJ($$$F=P$?OCe(B
e$B$G$9$+$=$l$O!#e(B

卜部です。

Yukihiro M. e$B$5$s$O=q$-$^$7$?e(B:

Rubye$B3+H/$N=i4|$+$i!"%;!<%U%l%Y%ke(B4e$B$N40A4@-$rJ]>Z$7$?$3$H$O$J$$e(B
e$B$O$:$G$9!#$"$l$O$"$/$^$G$b;29MDxEY$NB8:_$G$9!#J]>Z$7$F$J$$0Be(B
e$BA4@-$N7g4Y$re(Bsecuritye$B$GHs8x3+$K5DO@$7$J$1$l$P$J$i$J$$M}M3$O$Je(B
e$B$$$N$G$O!#e(B

e$B$^$D$b$H$5$s$NCf$GM-;K0JMhe(BRubye$B$N=t5!G=$N$&$A$G0BA4@-$NJ]>Z$re(Be$B$D$1$?e(Be$BNc$,e(B
e$B$"$k$N$J$i!"$=$N7o$K4X$7$F>$7$/Nc<($7$F$$$?$@$-$?$$$G$9$M!#2DG=$J$iJ;$;e(B
e$B$Fe(BCOPYINGe$B$Ne(BChapter 6e$B$b2r@b$7$F$/$@$5$$!#e(B

まつもと ゆきひろです

In message “Re: [ruby-dev:35233] Re: [PATCH] freeze required_paths in
gem_prelude.rb”
on Thu, 26 Jun 2008 01:29:35 +0900, Urabe S.
[email protected] writes:

|Yukihiro M. e$B$5$s$O=q$-$^$7$?e(B:
|> |e$BBh;0<TE*0U8+$G$9$,!"$3$N$h$&$K@H<e@-$K$J$j$=$&$JOC$Oe(B
|> | [email protected]
|> |e$B$KEj9F$7$FD:$/J}$,$$$$$+$H;W$$$^$9!#e(B
|>
|> e$B%;!<%U%l%Y%ke(B4e$B$K4X$7$F$O$3$A$i$G$b9=$o$J$$$H;W$$$^$9!#e(B
|
|e$B$s$J$o$-$c$J$$$G$9!#E,Ev$J$3$H$r8@$o$J$$$G$/$@$5$$!#$I$3$+$iJ($$$F=P$?OCe(B
|e$B$G$9$+$=$l$O!#e(B

Rubye$B3+H/$N=i4|$+$i!“%;!<%U%l%Y%ke(B4e$B$N40A4@-$rJ]>Z$7$?$3$H$O$J$$e(B
e$B$O$:$G$9!#$”$l$O$"$/$^$G$b;29MDxEY$NB8:_$G$9!#J]>Z$7$F$J$$0Be(B
e$BA4@-$N7g4Y$re(Bsecuritye$B$GHs8x3+$K5DO@$7$J$1$l$P$J$i$J$$M}M3$O$Je(B
e$B$$$N$G$O!#e(B

まつもと ゆきひろです

In message “Re: [ruby-dev:35235] Re: [PATCH] freeze required_paths in
gem_prelude.rb”
on Thu, 26 Jun 2008 03:09:02 +0900, Urabe S.
[email protected] writes:

|Yukihiro M. e$B$5$s$O=q$-$^$7$?e(B:
|> Rubye$B3+H/$N=i4|$+$i!“%;!<%U%l%Y%ke(B4e$B$N40A4@-$rJ]>Z$7$?$3$H$O$J$$e(B
|> e$B$O$:$G$9!#$”$l$O$“$/$^$G$b;29MDxEY$NB8:_$G$9!#J]>Z$7$F$J$$0Be(B
|> e$BA4@-$N7g4Y$re(Bsecuritye$B$GHs8x3+$K5DO@$7$J$1$l$P$J$i$J$$M}M3$O$Je(B
|> e$B$$$N$G$O!#e(B
|
|e$B$^$D$b$H$5$s$NCf$GM-;K0JMhe(BRubye$B$N=t5!G=$N$&$A$G0BA4@-$NJ]>Z$re(Be$B$D$1$?e(Be$BNc$,e(B
|e$B$”$k$N$J$i!"$=$N7o$K4X$7$F>$7$/Nc<($7$F$$$?$@$-$?$$$G$9$M!#e(B

e$B$$$d!“$J$$$G$9$M!#$,!”%;!<%U%l%Y%ke(B4e$B$O$h$j@Q6KE*$K!VJ]>Z$7$J$$!We(B
e$B$HL@<($7$?DA$7$$Nc$G$"$k$3$H$b;v<B$G$9!#e(B

e$B$A$e!<$+!“$J$s$G$be(Bsecuritye$B$G%/%m!<%:$K5DO@$9$k$N$O$”$s$^$jK>e(B
e$B$^$7$/$J$$$s$8$c$J$$$+$H;W$&$o$1$G$9!#<B:]$K$G$-$??M$O$$$J$$e(B
e$B$N$Ke(Binteger overflowe$B$G!VG$0U$N%3!<%I$,<B9T2DG=!W$H$+8@$o$l$?e(B
e$B$j!"$*$+$2$G9-$/%F%9%H$,$G$-$J$/$F!Ve(BRailse$B$,F0$+$M!<!W$H$+J86ge(B
e$B8@$o$l$?$j!#$J$s$@$+IT7rA4$J5$$,$7$^$9!#e(B

e$B;d<+?H$G$b6qBNE*$J@~0z$-$,$G$-$F$$$k$o$1$G$O$J$$$G$9$,!“>/$Je(B
e$B$/$H$b%;!<%U%l%Y%ke(B4e$B$O%/%m!<%:$J5DO@BP>]$+$i30$l$k$N$G$O$J$$$+e(B
e$B$H!#$”$H!"C1$J$ke(Bsegmentation
faulte$B$J$I$re(BDOSe$B$H>N$7$Fe(Bsecuritye$BAwe(B
e$B$j$K$9$k$N$b$I$&$+$H!#e(B

                            e$B$^$D$b$He(B e$B$f$-$R$me(B /:|)

山口です。

e$B3’MM?’!9$*A{$,$;$7$F$7$^$C$?$h$&$G?=$7Lu$"$j$^$;$s!#e(B

|e$BBh;0<TE*0U8+$G$9$,!"$3$N$h$&$K@H<e@-$K$J$j$=$&$JOC$Oe(B
| [email protected]
|e$B$KEj9F$7$FD:$/J}$,$$$$$+$H;W$$$^$9!#e(B

e$B%;!<%U%l%Y%ke(B4e$B$K4X$7$F$O$3$A$i$G$b9=$o$J$$$H;W$$$^$9!#@5D>$Je(B
e$B$H$3$m!"%;!<%U%l%Y%ke(B4e$B$O!VEXNOL\I8!WE*$J$H$3$m$b$"$j$^$9$+$i!#e(B

e$B:#2s$N%Q%C%A$b:G=i$O1sF#$5$s$,$*65$(2<$5$C$?Ak8}$KAw$m$&$+$H9M$($?$N$G$9$,!“6K$a$FFC<l$J>l9g$K$b$7$+$7$F2?$i$+$NLdBj$K$D$J$,$k$+$bCN$l$J$$$H$$$&DxEY$NOC$@$H;W$$$^$7$?$N$G!”$3$A$i$Ne(BMLe$B$KAw$j$^$7$?!#$^$D$b$H$5$s$,e(BOKe$B$r2<$5$$$^$7$?$+$i!":#8e$b%;!<%U%l%Y%ke(B4e$B4X78$K$D$$$F$N%Q%C%A$r$3$A$i$KAw$i$;$FD:$-$?$$$H;W$$$^$9!#$"$j$,$H$&$4$6$$$^$7$?!#e(B

前田です。

2008/06/26 10:03 Urabe S. [email protected]:

e$BJs9p<T$K$Oe(B

Yusuke ENDOH e$B$5$s$O=q$-$^$7$?e(B:

e$B$3$N$h$&$K@H<e@-$K$J$j$=$&$JOC$Oe(B
[email protected]
e$B$KEj9F$7$FD:$/J}$,$$$$$+$H;W$$$^$9!#e(B

e$B$^$5$K$3$l0J>e$NH=CG$rMW5a$9$Y$-$G$O$"$j$^$;$s!#e(B

e$B;d$bLB$C$?$i$H$j$“$($:e(Bsecurity
MLe$B$K%a!<%k$r$$$?$@$/$N$,$h$$$H;W$$$^$9!#e(B
e$BI,MW$G$”$l$P!"2f!9$NH=CG$Ge(Bruby-deve$B$K0\F0$7$F5DO@$9$l$P$h$$$G$9$h$M!#e(B

e$B8=>u$G$O==J,$K>e<j$/5!G=$7$F$$$k$H$O8@$($J$$$+$b$7$l$^$;$s$,!“BP1~$Ne(B
e$BJ}8~@-$H$7$F$O4V0c$C$F$$$J$$$N$G$O$J$$$G$7$g$&$+!#e(B
e$B$$$m$$$m2~A1$9$Y$-E@$O$”$j$^$9$,!"$A$g$C$H$:$DNI$/$7$F9T$-$?$$$H;W$$$^$9!#e(B

卜部です。

Yukihiro M. e$B$5$s$O=q$-$^$7$?e(B:

|e$B$^$D$b$H$5$s$NCf$GM-;K0JMhe(BRubye$B$N=t5!G=$N$&$A$G0BA4@-$NJ]>Z$re(Be$B$D$1$?e(Be$BNc$,e(B
|e$B$"$k$N$J$i!"$=$N7o$K4X$7$F>$7$/Nc<($7$F$$$?$@$-$?$$$G$9$M!#e(B

e$B$$$d!"$J$$$G$9$M!#$,!"%;!<%U%l%Y%ke(B4e$B$O$h$j@Q6KE*$K!VJ]>Z$7$J$$!We(B
e$B$HL@<($7$?DA$7$$Nc$G$"$k$3$H$b;v<B$G$9!#e(B

e$B$J$s$@$=$j$c!#$8$c$"$=$NJU$KE>$,$C$F$ke(BArray#replacee$B$H$+$N5!G=$h$j$be(B$SAFE
e$B$H$$$&$"$+$i$5$^$K%;%-%e%j%F%#$K4XO"$7$F$$$k5!G=$NJ}$,$h$j4m$J$$$C$F$3$He(B
e$B$G$9$+e(B?e$B$=$NH/A[$O26$K$O$J$$$G$9!#@_7W$H$7$FGKC>$7$F$$$^$9!#e(B

e$B$A$e!<$+!"$J$s$G$be(Bsecuritye$B$G%/%m!<%:$K5DO@$9$k$N$O$"$s$^$jK>e(B
e$B$^$7$/$J$$$s$8$c$J$$$+$H;W$&$o$1$G$9!#<B:]$K$G$-$??M$O$$$J$$e(B
e$B$N$Ke(Binteger overflowe$B$G!VG$0U$N%3!<%I$,<B9T2DG=!W$H$+8@$o$l$?e(B
e$B$j!"e(B

e$B<B9T$G$-$k$+$b$7$i$s$+$ie(BSecurity
Issuee$B$H$7$FJs9p$5$l$?$s$G$7$g$&!#<B:]$Ke(B
e$BG$0U$N%3!<%I$,<B9T2DG=$@$C$?>l9g$N1F6A$r9M$($l$P$H$F$b$H$F$bBEEv$J9TF0$@e(B
e$B$7!"$=$l$G<B:]$KG$0U$N%3!<%I$,<B9T2DG=$+$I$&$+$,H=CG$G$-$J$+$C$?$N$O;dC#e(B
e$B$,%W%m%0%i%^$H$7$F$=$N0h$KC#$7$F$$$J$$$+$i$G!“Js9p<T$O2?$b0-$/$J$$$G$9!#e(B
e$B%/%m!<%:%I$J>l=j$K%]%9%H$7$?$3$H$GJs9p<T$rHsFq$9$k$D$b$j$J$i!”$=$l$K$O@<e(B
e$B$rBg$K$7$FH?O@$7$^$9!#7+$jJV$7$^$9$,F,$,0-$+$C$?$N$OH`$i$G$O$J$/!"26$i$G$9!#e(B

e$B$*$+$2$G9-$/%F%9%H$,$G$-$J$/$F!Ve(BRailse$B$,F0$+$M!<!W$H$+J86ge(B
e$B8@$o$l$?$j!#$J$s$@$+IT7rA4$J5$$,$7$^$9!#e(B

e$B$J$s$@e(BRailse$B$,F0$+$J$$$H$+$$$&7o$O$^$D$b$H$5$s$bG’<1$7$F$?$N$+!#$J$s$+>pe(B
e$BJs$H$+=$@5$H$+$*;}$A$@$C$?$j$7$^$9e(B?

e$B;d<+?H$G$b6qBNE*$J@~0z$-$,$G$-$F$$$k$o$1$G$O$J$$$G$9$,!">/$Je(B
e$B$/$H$b%;!<%U%l%Y%ke(B4e$B$O%/%m!<%:$J5DO@BP>]$+$i30$l$k$N$G$O$J$$$+e(B
e$B$H!#$"$H!"C1$J$ke(Bsegmentation faulte$B$J$I$re(BDOSe$B$H>N$7$Fe(Bsecuritye$BAwe(B
e$B$j$K$9$k$N$b$I$&$+$H!#e(B

0-day attacke$B$rNL;:$9$k5$$G$9$+e(B?

e$B8DJL$N%1!<%9$rAj<j$7$F$k$H%-%j$,$J$$$N$GMWE@$@$1<gD%$7$H$-$^$9$,!"$=$&$$e(B
e$B$&!V!{!{$N>l9g$O%*!<%W%s!W$_$?$$$JH=CG$rJs9p<T$K2!$7IU$1$J$$$G$/$@$5$$!#%/e(B
e$B%m!<%:%I$J5DO@$NBP>]$K$O$J$i$J$$$HH=CG$9$k$Y$-$J$N$O$h$je(BRubye$B$N<BAu$K>$7e(B
e$B$$$O$:$Ne(BRuby Security
Teame$B$NB&$G$"$C$F!"Js9p<T$G$O$J$N$G$9!#%;%-%e%j%F%#e(B
e$BLdBj$+$I$&$+$r8+8m$C$Fe(B0-daye$B$,H/@8$7$?;~$KJs9p<T$,%?%32%$j$K$J$k$h$&$J>ue(B
e$B67$@$H0`=L$7$F$7$^$C$F=P$F$/$k$b$N$b=P$F$3$J$$$G$9!#$=$&$$$&$H$-$KHcH=$5e(B
e$B$l$k$N$O!VCf$N?M!W$@$1$G=<J,$G$9!#e(B

e$BJs9p<T$K$Oe(B

Yusuke ENDOH e$B$5$s$O=q$-$^$7$?e(B:

e$B$3$N$h$&$K@H<e@-$K$J$j$=$&$JOC$Oe(B
[email protected]
e$B$KEj9F$7$FD:$/J}$,$$$$$+$H;W$$$^$9!#e(B

e$B$^$5$K$3$l0J>e$NH=CG$rMW5a$9$Y$-$G$O$"$j$^$;$s!#e(B

山口です。

e$B@hDx%;!<%U%l%Y%ke(B4e$B4X78$N%Q%C%A$O:#8e$b$3$Ne(BMLe$B$KAw$j$^$9$H=q$-$^$7$?$,!"e(B
e$BKNIt$5$s$N$40U8+$r;29M$K$7$^$9$H<+=M$7$?J}$,NI$5$=$&$N$J$N$Ge(B
e$B0l1~$d$a$F$*$/$3$H$K$7$^$9!#e(B

e$B$?$@$7%;!<%U%l%Y%ke(B4e$B4X78$N%Q%C%A$,8=:_<j85$Ke(B5e$B$DDx$"$j$^$9$N$G!"e(B
e$B$3$l$i$OA4$F<+J,$G$ODxEY$NH=CG$r$;$:$K%;%-%e%j%F%#!<%A!<%$KAw$j$^$9!#e(B e$B@5D>AjEv$I$&$G$b$$$$$H;W$($k$b$N$,$[$H$s$I$G$9$,!"e(B e$BKNIt$5$s$N$40U8+$K=>$$$^$7$F%A!<%$N3’MM$NH=CG$KG$$;$^$9!#e(B

e$B$*<j?t$rHQ$o$;$k$3$H$K$J$k$+$H;W$$$^$9$,$I$&$>$h$m$7$/$*4j$$CW$7$^$9!#e(B

e$B$J$*!"e(B

|e$B$^$D$b$H$5$s$NCf$GM-;K0JMhe(BRubye$B$N=t5!G=$N$&$A$G0BA4@-$NJ]>Z$re(Be$B$D$1$?e(Be$BNc$,e(B
|e$B$"$k$N$J$i!"$=$N7o$K4X$7$F>$7$/Nc<($7$F$$$?$@$-$?$$$G$9$M!#e(B

e$B$$$d!"$J$$$G$9$M!#$,!"%;!<%U%l%Y%ke(B4e$B$O$h$j@Q6KE*$K!VJ]>Z$7$J$$!We(B
e$B$HL@<($7$?DA$7$$Nc$G$"$k$3$H$b;v<B$G$9!#e(B

e$B$J$s$@$=$j$c!#$8$c$"$=$NJU$KE>$,$C$F$ke(BArray#replacee$B$H$+$N5!G=$h$j$be(B$SAFE
e$B$H$$$&$"$+$i$5$^$K%;%-%e%j%F%#$K4XO"$7$F$$$k5!G=$NJ}$,$h$j4m$J$$$C$F$3$He(B
e$B$G$9$+e(B?e$B$=$NH/A[$O26$K$O$J$$$G$9!#@_7W$H$7$FGKC>$7$F$$$^$9!#e(B

e$B$H$N$3$H$G$9$,!"0l1~8m2r$,@8$8$J$$$h$&$KJdB-$7$F$*$-$^$9!#e(B
e$B%;!<%U%l%Y%ke(B4e$B4D6-$O?.MQ$G$-$J$$%W%m%0%i%`$r<B9T$9$k$3$H$rA[Dj$7$F$$$^$9$N$Ge(B
e$B$3$l$r1?MQ$7$F$$$k>uBV$Oe(B Array#replace
e$B$h$j$O4m$J$$$N$G$O$J$$$+$H;W$o$l$^$9!#e(B
e$B<B:]$3$l$^$G$H$F$b4m81$@$C$?$o$1$G$9$h$M!#e(B

e$B%;!<%U%l%Y%ke(B4e$B4D6-$r1?MQ$9$k>l9g!"8=:_$N%;%-%e%j%F%#%b%G%k$K$*$$$F$O:GDc8Be(B

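# Precaution described in the thread for operating a $SAFE = 4 environment:
# before untrusted code starts, walk every live object and freeze the ones that
# are tainted and not yet frozen, so they cannot be modified in place afterwards.
#
# The guard has to test `obj`, the block parameter. Written as `object.frozen?`
# it raises NameError as soon as the first tainted object is reached, because no
# local named `object` exists.
#
# NOTE(review): relies on Object#tainted?, which was removed in Ruby 3.2, and on
# $SAFE level 4, which was removed in Ruby 2.1. Historical interpreters only.
ObjectSpace.each_object(Object) do |obj|
  obj.freeze if obj.tainted? && !obj.frozen?
end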

e$B$r;vA0$K9T$J$&$/$i$$$G$J$$$H2?$,5/$3$k$+J,$+$j$^$;$se(B
e$B!J5U$K8@$($PBgDq$3$l$GLdBj$r7Z8:$G$-$k$H;W$$$^$9!K!#e(B
e$B$=$&$$$&1?MQCN<1$,$3$l$^$G$"$^$jC_@Q$5$l$F$$$J$$$h$&$K;W$o$l$F;DG0$G$9!#e(B

まつもと ゆきひろです

In message “Re: [ruby-dev:35239] Re: [PATCH] freeze required_paths in
gem_prelude.rb”
on Thu, 26 Jun 2008 10:03:38 +0900, Urabe S.
[email protected] writes:

|> e$B$$$d!“$J$$$G$9$M!#$,!”%;!<%U%l%Y%ke(B4e$B$O$h$j@Q6KE*$K!VJ]>Z$7$J$$!We(B
|> e$B$HL@<($7$?DA$7$$Nc$G$“$k$3$H$b;v<B$G$9!#e(B
|
|e$B$J$s$@$=$j$c!#$8$c$”$=$NJU$KE>$,$C$F$ke(BArray#replacee$B$H$+$N5!G=$h$j$be(B$SAFE
|e$B$H$$$&$“$+$i$5$^$K%;%-%e%j%F%#$K4XO”$7$F$$$k5!G=$NJ}$,$h$j4m$J$$$C$F$3$He(B
|e$B$G$9$+e(B?e$B$=$NH/A[$O26$K$O$J$$$G$9!#@_7W$H$7$FGKC>$7$F$$$^$9!#e(B

e$B;38}$5$s$+$i$b;XE&$,$“$j$^$7$?$,!”%;!<%U%l%Y%ke(B4e$B$H$$$&$3$H$O%3!<e(B
e$B%I$,?.Mj$G$-$J$$$H$$$&$3$H$G$9$+$i!“?.Mj$G$-$k%3!<%I$+$i<B9Te(B
e$B$5$l$ke(BArray#replacee$B$h$j$b!”?.Mj$G$-$J$$%3!<%I$r<B9T$9$k%;!<%Ue(B
e$B%l%Y%ke(B4e$B$NJ}$,$h$j4m$J$$$N$O;d$N4QE@$+$i$OEvA3$K;W$($^$9!#e(B

|e$B8DJL$N%1!<%9$rAj<j$7$F$k$H%-%j$,$J$$$N$GMWE@$@$1<gD%$7$H$-$^$9$,!“$=$&$$e(B
|e$B$&!V!{!{$N>l9g$O%*!<%W%s!W$_$?$$$JH=CG$rJs9p<T$K2!$7IU$1$J$$$G$/$@$5$$!#%/e(B
|e$B%m!<%:%I$J5DO@$NBP>]$K$O$J$i$J$$$HH=CG$9$k$Y$-$J$N$O$h$je(BRubye$B$N<BAu$K>$7e(B
|e$B$$$O$:$Ne(BRuby Security Teame$B$NB&$G$”$C$F!"Js9p<T$G$O$J$N$G$9!#%;%-%e%j%F%#e(B
|e$BLdBj$+$I$&$+$r8+8m$C$Fe(B0-daye$B$,H/@8$7$?;~$KJs9p<T$,%?%32%$j$K$J$k$h$&$J>ue(B
|e$B67$@$H0`=L$7$F$7$^$C$F=P$F$/$k$b$N$b=P$F$3$J$$$G$9!#$=$&$$$&$H$-$KHcH=$5e(B
|e$B$l$k$N$O!VCf$N?M!W$@$1$G=<J,$G$9!#e(B

e$B%;!<%U%l%Y%ke(B4e$B$N7o$O$*$$$H$/$H$7$F!“$=$l0J30$N>l9g$K!V@H<e@-$Ke(B
e$B4X78$”$j$=$&$J$ie(Bsecuritye$B!W$H$$$&86B’$KH?BP$9$k$D$b$j$O$"$j$^e(B
e$B$;$s$7!“JQ99$9$k$Y$-$@$H9M$($F$$$k$o$1$G$b$”$j$^$;$s!#:#8e$be(B
e$B$=$N$h$&$K1?MQ$9$k$Y$-$@$H;W$$$^$9!#e(B

e$B$,!“$3$A$i$G!VG$0U$N%3!<%I$r<B9T$G$-$=$&$K$J$$!W!”!V%;%-%e%je(B
e$B%F%#>e=EMW$JLdBj$G$O$J$$!W$H;W$C$?;~E@$G@Q6KE*$K8x3+%P%0=$@5e(B
e$B$K@Z$jBX$($F$b$h$+$C$?$s$8$c$J$$$+$H;W$$$^$9!#;d$NM}2r$,@5$7e(B
e$B$1$l$P:#2s$N$OC1$J$ke(Binteger
overflowe$B$G!"$3$l$^$G$be(Bruby-deve$B$Je(B
e$B$I$GIaDL$KBP1~$7$F$-$?$b$N$HF1:,$G$7$?!#e(B

e$BA0$N%a!<%k$G!Ve(Bsecuritye$BAw$j!W$J$I$H$$$&I=8=$r;H$C$F8m2r$r>7$$e(B
e$B$?$3$H$O<U:a$7$^$9!#??0U$O!Ve(Bsecuritye$B$KJs9p$5$l$?$+$i$H$$$&M}e(B
e$BM3$G$$$D$^$G$b%/%m!<%:$GBP1~$7B3$1$k$N$O$I$&$+!W$G$7$?!#e(B

                            e$B$^$D$b$He(B e$B$f$-$R$me(B /:|)

まつもと ゆきひろです

In message “Re: [ruby-dev:35239] Re: [PATCH] freeze required_paths in
gem_prelude.rb”
on Thu, 26 Jun 2008 10:03:38 +0900, Urabe S.
[email protected] writes:

|e$B$J$s$@e(BRailse$B$,F0$+$J$$$H$+$$$&7o$O$^$D$b$H$5$s$bG’<1$7$F$?$N$+!#$J$s$+>pe(B
|e$BJs$H$+=$@5$H$+$*;}$A$@$C$?$j$7$^$9e(B?

e$BKNIt$5$s$,$b$C$F$$$k0J>e$N>pJs$O$J$$$H;W$$$^$9!#e(B

http://redmine.ruby-lang.org/issues/show/199

e$B$G$bJs9p$5$l$F$$$^$9$,!"$=$N%Q%C%A$G$OLdBj$O2r7h$7$J$$$s$G$7e(B
e$B$?$h$M!#e(B

卜部です。

Yukihiro M. e$B$5$s$O=q$-$^$7$?e(B:

e$B$,!"$3$A$i$G!VG$0U$N%3!<%I$r<B9T$G$-$=$&$K$J$$!W!"!V%;%-%e%je(B
e$B%F%#>e=EMW$JLdBj$G$O$J$$!W$H;W$C$?;~E@$G@Q6KE*$K8x3+%P%0=$@5e(B
e$B$K@Z$jBX$($F$b$h$+$C$?$s$8$c$J$$$+$H;W$$$^$9!#;d$NM}2r$,@5$7e(B
e$B$1$l$P:#2s$N$OC1$J$ke(Binteger overflowe$B$G!"$3$l$^$G$be(Bruby-deve$B$Je(B
e$B$I$GIaDL$KBP1~$7$F$-$?$b$N$HF1:,$G$7$?!#e(B

e$B$3$NE@$K$OF10U$7$^$9!#$b$C$H$O$d$/$K6<0R$NE*3N$J8+@Q$j$,$G$-$?$i$h$+$C$?e(B
e$B$H;W$$$^$9!#e(B