ruby 1.8.5 and 1.9 I have a script that I am trying to run as setuid. I've created a simple C wrapper program for it that calls exec and invokes the script. This wrapper program is set to another user (not root), chmod 4755. The directory where the wrapper and script is chowned to root, with 0755. The script runs fine, with a taint level of 1. However, any: require 'something' fails with: in `require': Insecure operation - require (SecurityError) as if the string was tainted. Unfortunately, ruby does not seem too helpful in explaining what the issue is. --- I also replaced the script with a two line script in Perl, and Perl allows me to require any of its modules just fine. --- Any ideas?
on 2007-06-17 13:01