Dne 22. 01. 19 v 9:59 Mamoru TASAKA napsal(a):

3  postgresql-plruby-0.5.7-1.fc30.src.rpm
   Build fails: https://koji.fedoraproject.org/koji/taskinfo?taskID=32181377
   Succeeds for rawhide (ruby2.5)  https://koji.fedoraproject.org/koji/taskinfo?taskID=32181375
+ ruby extconf.rb --vendor --with-safe-level=1 --with-pg-config=/usr/bin/pg_server_config
BUILDSTDERR: extconf.rb:175:in `directory?': Insecure operation - directory? (SecurityError)
    Perhaps related to ruby changes with regard to security model.

This is interesting issue. It fails at this line:


Similar reproducer IMO could be:


$ ruby -e '$SAFE=1; Dir.foreach(".") {|d| File.directory?(d)}'


This fails on Ruby 2.5 as well as Ruby 2.6, what is somehow expected given that the `d` is tainted. However, how comes that it passes in the extconf.rb for Ruby 2.5?

IOW the workarond/fix could be as simple as `dir.untaint` but it does not explain why it worked and does not work anymore :/ Thoughts?