ruby-dev summary 22012-22103

Minero Aoki

Hi all,

This is a summary of recent discussion on the ruby-dev ML.


[ruby-list:38619] dl and Win32 API call
[ruby-dev:22012] Re: [ruby-list:38619] dl and Win32 API call

arton reported a dl.so problem on win32 systems.
On win32 systems, the API callee pops the arguments from the machine
stack, but dl.so (the API caller) pops the arguments on all platforms,
which breaks the stack.

Tietew posted a patch in [ruby-dev:21991], and Takaaki Tateishi,
the dl.so maintainer, incorporated this patch.

[ruby-dev:22013] HTTP_PROXY

TANAKA Akira introduced the following web page:

http://ftp.ics.uci.edu/pub/websoft/libwww-perl/archive/2001h1/0072.html

This page describes a security hole involving HTTP_PROXY. HTTP servers
overwrite CGI programs' HTTP_* environment variables with request
headers, so HTTP_PROXY is overwritten by the Proxy: HTTP header.
HTTP clients can therefore overwrite the HTTP_PROXY environment variable.
If a CGI program uses an HTTP library and the library uses HTTP_PROXY,
it causes a security problem.

Akira pointed out that some standard libraries use HTTP_PROXY without
checking. The related libraries are:

* open-uri.rb (maintainer: TANAKA Akira)
* SOAP4R (maintainer: NAKAMURA Hiroshi aka NaHi)
* (net/http) (maintainer: Minero Aoki)

Akira (open-uri maintainer) decided to check whether the library is
being used in a CGI program, by referring to the REQUEST_METHOD
environment variable.

NaHi (SOAP4R maintainer) decided to look at the soap_use_proxy
environment variable. If ENV['soap_use_proxy'] is set, SOAP4R uses
HTTP_PROXY, no_proxy, and other environment variables.

In the end, Minero Aoki (net/http maintainer) decided to keep the current
behavior... never rely on the HTTP_PROXY environment variable. If you
want to use a proxy, set it explicitly. open-uri is preferable for
"handy" use.

See the CVS HEAD source code of each library for details.

[ruby-dev:22019] $stdout/$stderr must respond to IO methods?

Currently you can set any object to $stdout/$stderr as long as the
object has a #write method, e.g.

    class StdoutLogging
      def write(str)
        File.open('/tmp/log', 'a') {|f| f.print str }
      end
    end
    $stdout = StdoutLogging.new

Tietew pointed out that this protocol does not ensure that the
following code works:

    $stderr.print 'warning: does not use this method'

He suggested making a new module such as IO::Writable, which defines
I/O methods using the #write method.

[ruby-dev:22057] drb/drb.rb document

Minero Aoki suggested that "require 'drb'" is better than
"require 'drb/drb'". SEKI Masatoshi, the drb maintainer, replied
that he chose "require 'drb/drb'".

[ruby-dev:22067] exit value as boolean

Nobu.nakada proposed new semantics for Kernel#exit.
"exit true" means "exit(EXIT_SUCCESS)" in C,
"exit false" means "exit(EXIT_FAILURE)".
Matz agreed with him and incorporated a patch.

[ruby-dev:22071] Dir.glob and shift_jis

H.Yamamoto posted a patch to allow Dir.glob to search for files whose
names include native-language characters. The latest patch is
attached to [ruby-dev:22104].


-- Minero Aoki
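
The HTTP_PROXY item in the summary above, as an added Ruby example that is not part of the original post or of open-uri's source: it models how a CGI-style header-to-environment mapping lets a Proxy: request header land in HTTP_PROXY, and a lookup that ignores the variable when REQUEST_METHOD is set. The helper names, host names and sample environment are constructed for illustration.

```ruby
require 'uri'

# Constructed sample: environment an operator configured for outbound requests.
OPERATOR_ENV = {
  'PATH'       => '/usr/bin',
  'HTTP_PROXY' => 'http://proxy.internal.example:3128'
}.freeze

# Hypothetical helper modelling a CGI-style server: every request header
# "Name: value" is exported to the child process as HTTP_NAME.
def cgi_env_from_headers(base_env, request_method, headers)
  env = base_env.dup
  env['REQUEST_METHOD'] = request_method
  headers.each do |name, value|
    env['HTTP_' + name.upcase.tr('-', '_')] = value
  end
  env
end

# Unchecked lookup: trusts HTTP_PROXY regardless of who set it.
def unchecked_proxy(env)
  value = env['HTTP_PROXY']
  value && URI.parse(value)
end

# Checked lookup (simplified form of the REQUEST_METHOD test described above):
# when running as CGI, HTTP_PROXY may hold a client-supplied header, so ignore it.
def checked_proxy(env)
  return nil if env.key?('REQUEST_METHOD')
  unchecked_proxy(env)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request carrying a Proxy: header.
  cgi_env = cgi_env_from_headers(OPERATOR_ENV, 'GET',
                                 { 'Proxy' => 'http://untrusted.example:8080' })
  puts "unchecked, CGI: #{unchecked_proxy(cgi_env)}"
  puts "checked, CGI:   #{checked_proxy(cgi_env).inspect}"
  puts "checked, shell: #{checked_proxy(OPERATOR_ENV)}"
end
```
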
 
daz

Minero said:
Hi all,

This is a summary of recent discussion on the ruby-dev ML.

[...]

[ruby-dev:22057] drb/drb.rb document

Minero Aoki suggested that "require 'drb'" is better than
"require 'drb/drb'". SEKI Masatoshi, the drb maintainer, replied
that he chose "require 'drb/drb'".

Thinking about 'ri/ri' and 'rdoc/rdoc', I was going to suggest a
compromise; until I found this on my (Win32) install:

< \lib\ruby\1.8\drb.rb >
require 'drb/drb'
</>

*Exactly* what I was going to suggest.

require 'drb'
... does ... require 'drb/drb'

A separate directory for the maintainer and no need
for the user to remember to type 'NewYork/NewYork' [1].


daz

[1] "So good they named it twice".
 
