Two MRI security vulnerabilities in Ruby 1.8 and 1.9

Two security fixes have been released for Ruby today. The first vulnerability affects the FileUtils.remove_entry_secure method, which allowed local users to delete arbitrary files and directories. The second affects the $SAFE level.

FileUtils.remove_entry_secure

This affects Ruby versions 1.8.6 (patchlevel 420), 1.8.7 (patchlevel 330), 1.9.1 (patchlevel 430), 1.9.2 (patchlevel 136) and the development versions. The problem has been fixed and the fixed releases are available for download.

$SAFE vulnerability

This affects only the 1.8 Ruby versions. The Exception#to_s method can be used to bypass the $SAFE check, which allows untrusted code to modify arbitrary strings. The variable $SAFE determines Ruby's level of paranoia. This problem has also been fixed.