Hello all,
This is a summary for last week on the ruby-dev mailing list.
[ruby-dev:19837] [BUG] (0…3).max/ruby-1.8.0 preview2
Shin-ichiro HARA pointed out that (0…3).max is 3 in
ruby-1.8.0 preview2. Matz replied it’s not a bug, but
change of spec. Shin Nishiyama commented it troublesome
that 0…3 have two interpretation, a discrete set of
{0,1,2,3} or a countinous interval {x| 0<x<3}. Matz
agreed, but he said he could not be helped.
[ruby-dev:19828] Re: [Oniguruma] Version 1.8.4
Tanaka Akira requested for Oniguruma to support Java’s class
set operation.
http://java.sun.com/j2se/1.4/docs/api/java/util/regex/Pattern.html
But ‘[’ in character class conflicts with raw character ‘[’.
So Tanaka added a request that raw character ‘[’, ‘]’ and '-'
in character class must be escaped by ‘’.
[ruby-dev:19865] dl in $SAFE=4
Minero Aoki noticed that any user can execute arbitrary command
with an external library ‘dl’ regardless of $SAFE(safe level).
require ‘dl’
$SAFE = 4
DL.dlopen(‘libc.so.6’).sym(‘system’, ‘IS’).call("/bin/sh")
#=> execute shell
It may be a vulnerability issue and this behavior will be
changed in the near future.
Regards,
TAKAHASHI ‘Maki’ Masayoshi E-mail: maki@rubycolor.org