June 2024 - ruby-core - ml.ruby-lang.org

[ruby-core:118236] [Ruby master Feature#6648] Provide a standard API for retrieving all command-line flags passed to Ruby
by Dan0042 (Daniel DeLorme) 07 Jun '24

07 Jun '24

Issue #6648 has been updated by Dan0042 (Daniel DeLorme). shyouhei (Shyouhei Urabe) wrote in #note-26: > In short the problem we see is feeding strings from untrusted sources to generic `Kernel#exec`. Sounds ultra risky, no? It also sounds nothing like what this proposal is about. If the current script was executed with `ruby --enable=jit foo.rb` then it is, by definition, safe to run `exec("ruby", "--enable=jit", "foo.rb")` It's already possible to run `exec("ruby", "foo.rb")`; changing it to `exec("ruby", *RbConfig.ruby_args, "foo.rb")` does not reduce security, in fast it **increases** security. ---------------------------------------- Feature #6648: Provide a standard API for retrieving all command-line flags passed to Ruby https://bugs.ruby-lang.org/issues/6648#change-108736 * Author: headius (Charles Nutter) * Status: Assigned * Assignee: matz (Yukihiro Matsumoto) ---------------------------------------- Currently there are no standard mechanisms to get the flags passed to the currently running Ruby implementation. The available mechanisms are not ideal: * Scanning globals and hoping they have not been tweaked to new settings * Using external wrappers to launch Ruby * ??? Inability to get the full set of command-line flags, including flags passed to the VM itself (and probably VM-specific) makes it impossible to launch subprocess Ruby instances with the same settings. A real world example of this is "((%bundle exec%))" when called with a command line that sets various flags, a la ((%jruby -Xsome.vm.setting --1.9 -S bundle exec%)). None of these flags can propagate to the subprocess, so odd behaviors result. The only option is to put the flags into an env var (((|JRUBY_OPTS|)) or ((|RUBYOPT|))) but this breaks the flow of calling a simple command line. JRuby provides mechanisms to get all its command line options, but they require calling Java APIs from Ruby's API set. Rubinius provides its own API for accessing comand-line options, but I do not know if it includes VM-level flags as well as standard Ruby flags. I know there is a (({RubyVM})) namespace in the 2.0 line. If that namespace is intended to be general-purpose for VM-level features, it would be a good host for this API. Something like... ``` class << RubyVM def vm_args; end # returns array of command line args *not* passed to the target script def script; end # returns the script being executed...though this overlaps with $0 def script_args; end # returns args passed to the script...though this overlaps with ARGV, but that is perhaps warranted since ARGV can be modified (i.e. you probably want the original args) end ``` -- https://bugs.ruby-lang.org/

1 0

[ruby-core:116117] [Ruby master Misc#20170] Drop support for GCC < 11
by kddnewton (Kevin Newton) 07 Jun '24

07 Jun '24

Issue #20170 has been reported by kddnewton (Kevin Newton). ---------------------------------------- Misc #20170: Drop support for GCC < 11 https://bugs.ruby-lang.org/issues/20170 * Author: kddnewton (Kevin Newton) * Status: Open * Priority: Normal ---------------------------------------- Right now, CI compiles everything from GCC 7+. However, GCC 7-10 are all end-of-life and no longer supported. We should drop support for the end-of-life compilers. -- https://bugs.ruby-lang.org/

4 5

[ruby-core:118234] [Ruby master Feature#18773] deconstruct to receive a range
by kddnewton (Kevin Newton) 07 Jun '24

07 Jun '24

Issue #18773 has been updated by kddnewton (Kevin Newton). Status changed from Assigned to Rejected Going to close this, as I think it should be fixed in other ways. ---------------------------------------- Feature #18773: deconstruct to receive a range https://bugs.ruby-lang.org/issues/18773#change-108733 * Author: kddnewton (Kevin Newton) * Status: Rejected * Assignee: ktsj (Kazuki Tsujimoto) ---------------------------------------- Currently when you're pattern matching against a hash pattern, `deconstruct_keys` receives the keys that are being matched. This is really useful for computing expensive hashes. However, when you're pattern matching against an array pattern, you don't receive any information. So if the array is expensive to compute (for instance loading an array of database records), you have no way to bail out. It would be useful to receive a range signifying how many records the pattern is specifying. It would be used like the following: ```ruby class ActiveRecord::Relation def deconstruct(range) (loaded? || range.cover?(count)) ? records : nil end end ``` It needs to be a range and not just a number to handle cases where `*` is used. You would use it like: ```ruby case Person.all in [] "No records" in [person] "Only #{person.name}" else "Multiple people" end ``` In this way, you wouldn't have to load the whole thing into memory to check if it pattern matched. The patch is here: https://github.com/ruby/ruby/pull/5905. -- https://bugs.ruby-lang.org/

1 0

[ruby-core:118232] [Ruby master Bug#14480] miniruby crashing when compiled with -O2 or -O1 on aarch64
by vo.x (Vit Ondruch) 07 Jun '24

07 Jun '24

Issue #14480 has been updated by vo.x (Vit Ondruch). I don't understand why this change was applied. This should be either enabled everywhere or disabled everywhere, not enabled on some random platforms. Please note that this should not be issue on aarch64 for a while. Or was the issue exhibited somewhere recently? The commit does not elaborate about it. ---------------------------------------- Bug #14480: miniruby crashing when compiled with -O2 or -O1 on aarch64 https://bugs.ruby-lang.org/issues/14480#change-108728 * Author: vo.x (Vit Ondruch) * Status: Closed * ruby -v: ruby 2.5.0p0 (2017-12-25 revision 61468) [aarch64-linux] * Backport: 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN ---------------------------------------- Recently, it is not possible to build Ruby 2.5.0 on aarch64 on Fedora Rawhide, because miniruby fails during build: ~~~ ... snip ... ./miniruby -I./lib -I. -I.ext/common -n \ -e 'BEGIN{version=ARGV.shift;mis=ARGV.dup}' \ -e 'END{abort "UNICODE version mismatch: #{mis}" unless mis.empty?}' \ -e '(mis.delete(ARGF.path); ARGF.close) if /ONIG_UNICODE_VERSION_STRING +"#{Regexp.quote(version)}"/o' \ 10.0.0 ./enc/unicode/10.0.0/casefold.h ./enc/unicode/10.0.0/name2ctype.h generating encdb.h ./miniruby -I./lib -I. -I.ext/common ./tool/generic_erb.rb -c -o encdb.h ./template/encdb.h.tmpl ./enc enc generating prelude.c ./miniruby -I./lib -I. -I.ext/common ./tool/generic_erb.rb -I. -c -o prelude.c \ ./template/prelude.c.tmpl ./prelude.rb ./gem_prelude.rb ./abrt_prelude.rb *** stack smashing detected ***: <unknown> terminated encdb.h updated ... snip ... ~~~ This might by Ruby or gcc issue. Not sure yet. However, there is already lengthy analysis available in Fedora's Bugzilla [1]. Would be anybody able to help to resolve this issue? [1]: https://bugzilla.redhat.com/show_bug.cgi?id=1545239 ---Files-------------------------------- Dockerfile (573 Bytes) -- https://bugs.ruby-lang.org/

1 0

[ruby-core:118217] [Ruby master Bug#20561] Segfault with attr_writer, safe navigation and an "in" loop
by herwin (Herwin W) 07 Jun '24

07 Jun '24

Issue #20561 has been reported by herwin (Herwin W). ---------------------------------------- Bug #20561: Segfault with attr_writer, safe navigation and an "in" loop https://bugs.ruby-lang.org/issues/20561 * Author: herwin (Herwin W) * Status: Open * ruby -v: ruby 3.3.2 (2024-05-30 revision e5a195edf6) [x86_64-linux] * Backport: 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN ---------------------------------------- ```ruby class Foo attr_accessor :bar end foo = Foo.new for foo&.bar in [1,2,3] p foo end ``` This code works fine when using `foo.bar` in the loop, without the safe navigator, but the safe navigator results in a segfault. Seen with versions 3.1.6, 3.2.4, 3.3.2 and 3.4.0-preview1. Full output for version 3.3.2: ``` in.rb: [BUG] Segmentation fault at 0x0000000000000000 ruby 3.3.2 (2024-05-30 revision e5a195edf6) [x86_64-linux] -- Control frame information ----------------------------------------------- c:0001 p:0000 s:0003 E:000320 DUMMY [FINISH] -- Threading information --------------------------------------------------- Total ractor count: 1 Ruby thread count for this ractor: 1 -- Machine register context ------------------------------------------------ RIP: 0x00007fa789099da6 RBP: 0x00007fa78868edb8 RSP: 0x00007fffeb7f6fa0 RAX: 0x0000000000000000 RBX: 0x000055b008211220 RCX: 0x000055b0081b9810 RDX: 0x0000000000000000 RDI: 0x000055b0081b9840 RSI: 0x0000000000000023 R8: 0x0000000000000000 R9: 0x000055b0081b9840 R10: 0x0000000000000001 R11: 0x00007fa78868edb8 R12: 0x00007fa78946429c R13: 0x0000000000000000 R14: 0x0000000000000042 R15: 0x0000000000000042 EFL: 0x0000000000010246 -- C level backtrace information ------------------------------------------- lib/libruby.so.3.3(rb_print_backtrace+0x14) [0x7fa78931ca5b] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/vm_dump.c:820 lib/libruby.so.3.3(rb_vm_bugreport) /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/vm_dump.c:1151 lib/libruby.so.3.3(rb_bug_for_fatal_signal+0x100) [0x7fa789112ec0] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/error.c:1065 lib/libruby.so.3.3(sigsegv+0x4d) [0x7fa789265ded] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/signal.c:926 /lib/x86_64-linux-gnu/libc.so.6(0x7fa788d76580) [0x7fa788d76580] lib/libruby.so.3.3(iseq_peephole_optimize+0x3d6) [0x7fa789099da6] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/compile.c:2874 lib/libruby.so.3.3(iseq_optimize+0x128) [0x7fa78909b618] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/compile.c:4145 lib/libruby.so.3.3(iseq_setup_insn) /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/compile.c:1615 lib/libruby.so.3.3(iseq_setup_insn) /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/compile.c:1604 lib/libruby.so.3.3(rb_iseq_compile_node+0x157) [0x7fa7890b0e67] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/compile.c:966 lib/libruby.so.3.3(rb_iseq_new_with_opt+0x14d) [0x7fa7891815bd] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/iseq.c:946 lib/libruby.so.3.3(new_child_iseq+0xa7) [0x7fa78908ee87] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/compile.c:1494 lib/libruby.so.3.3(compile_iter+0x4c) [0x7fa7890a6f4c] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/compile.c:7719 lib/libruby.so.3.3(iseq_compile_each0) /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/compile.c:9808 lib/libruby.so.3.3(compile_block+0x1c) [0x7fa7890a654c] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/compile.c:4348 lib/libruby.so.3.3(iseq_compile_each0) /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/compile.c:9787 lib/libruby.so.3.3(rb_iseq_compile_node+0x73e) [0x7fa7890b144e] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/compile.c:938 lib/libruby.so.3.3(rb_iseq_new_with_opt+0x14d) [0x7fa7891815bd] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/iseq.c:946 lib/libruby.so.3.3(rb_iseq_new_main+0x71) [0x7fa7891819b1] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/iseq.c:885 lib/libruby.so.3.3(process_options+0x164c) [0x7fa78926232c] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/ruby.c:2441 lib/libruby.so.3.3(ruby_process_options+0x145) [0x7fa789262985] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/ruby.c:3014 lib/libruby.so.3.3(ruby_options+0xcd) [0x7fa78911dc5d] /tmp/ruby-build.20240530181640.5619.rzPMtg/ruby-3.3.2/eval.c:121 bin/ruby(rb_main+0x19) [0x55b0072da10a] ./main.c:39 bin/ruby(main) ./main.c:58 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_call_main+0x7a) [0x7fa788d60c8a] ../sysdeps/nptl/libc_start_call_main.h:58 /lib/x86_64-linux-gnu/libc.so.6(call_init+0x0) [0x7fa788d60d45] ../csu/libc-start.c:360 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main_impl) ../csu/libc-start.c:347 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main) (null):0 [0x55b0072da151] -- Other runtime information ----------------------------------------------- * Loaded script: in.rb * Loaded features: 0 enumerator.so 1 thread.rb 2 fiber.so 3 rational.so 4 complex.so 5 ruby2_keywords.rb 6 lib/ruby/3.3.0/x86_64-linux/enc/encdb.so 7 lib/ruby/3.3.0/x86_64-linux/enc/trans/transdb.so 8 lib/ruby/3.3.0/x86_64-linux/rbconfig.rb 9 lib/ruby/3.3.0/rubygems/compatibility.rb 10 lib/ruby/3.3.0/rubygems/defaults.rb 11 lib/ruby/3.3.0/rubygems/deprecate.rb 12 lib/ruby/3.3.0/rubygems/errors.rb 13 lib/ruby/3.3.0/rubygems/unknown_command_spell_checker.rb 14 lib/ruby/3.3.0/rubygems/exceptions.rb 15 lib/ruby/3.3.0/rubygems/basic_specification.rb 16 lib/ruby/3.3.0/rubygems/stub_specification.rb 17 lib/ruby/3.3.0/rubygems/platform.rb 18 lib/ruby/3.3.0/rubygems/util/list.rb 19 lib/ruby/3.3.0/rubygems/version.rb 20 lib/ruby/3.3.0/rubygems/requirement.rb 21 lib/ruby/3.3.0/rubygems/specification.rb 22 lib/ruby/3.3.0/rubygems/util.rb 23 lib/ruby/3.3.0/rubygems/dependency.rb 24 lib/ruby/3.3.0/rubygems/core_ext/kernel_gem.rb 25 lib/ruby/3.3.0/x86_64-linux/monitor.so 26 lib/ruby/3.3.0/monitor.rb 27 lib/ruby/3.3.0/rubygems.rb 28 lib/ruby/3.3.0/bundled_gems.rb 29 lib/ruby/3.3.0/rubygems/path_support.rb 30 lib/ruby/3.3.0/error_highlight/version.rb 31 lib/ruby/3.3.0/error_highlight/base.rb 32 lib/ruby/3.3.0/error_highlight/formatter.rb 33 lib/ruby/3.3.0/error_highlight/core_ext.rb 34 lib/ruby/3.3.0/error_highlight.rb 35 lib/ruby/3.3.0/did_you_mean/version.rb 36 lib/ruby/3.3.0/did_you_mean/core_ext/name_error.rb 37 lib/ruby/3.3.0/did_you_mean/levenshtein.rb 38 lib/ruby/3.3.0/did_you_mean/jaro_winkler.rb 39 lib/ruby/3.3.0/did_you_mean/spell_checker.rb 40 lib/ruby/3.3.0/did_you_mean/spell_checkers/name_error_checkers/class_name_checker.rb 41 lib/ruby/3.3.0/did_you_mean/spell_checkers/name_error_checkers/variable_name_checker.rb 42 lib/ruby/3.3.0/did_you_mean/spell_checkers/name_error_checkers.rb 43 lib/ruby/3.3.0/did_you_mean/spell_checkers/method_name_checker.rb 44 lib/ruby/3.3.0/did_you_mean/spell_checkers/key_error_checker.rb 45 lib/ruby/3.3.0/did_you_mean/spell_checkers/null_checker.rb 46 lib/ruby/3.3.0/did_you_mean/tree_spell_checker.rb 47 lib/ruby/3.3.0/did_you_mean/spell_checkers/require_path_checker.rb 48 lib/ruby/3.3.0/did_you_mean/spell_checkers/pattern_key_name_checker.rb 49 lib/ruby/3.3.0/did_you_mean/formatter.rb 50 lib/ruby/3.3.0/did_you_mean.rb 51 lib/ruby/3.3.0/syntax_suggest/core_ext.rb * Process memory map: 55b0072d9000-55b0072da000 r--p 00000000 09:7f 42870666 bin/ruby 55b0072da000-55b0072db000 r-xp 00001000 09:7f 42870666 bin/ruby 55b0072db000-55b0072dc000 r--p 00002000 09:7f 42870666 bin/ruby 55b0072dc000-55b0072dd000 r--p 00002000 09:7f 42870666 bin/ruby 55b0072dd000-55b0072de000 rw-p 00003000 09:7f 42870666 bin/ruby 55b007f9f000-55b008772000 rw-p 00000000 00:00 0 [heap] 7fa76a627000-7fa76a800000 r--s 00000000 09:00 285418 /usr/lib/x86_64-linux-gnu/libc.so.6 7fa76a800000-7fa76aa80000 rw-p 00000000 00:00 0 7fa76ac00000-7fa76b109000 rw-p 00000000 00:00 0 7fa76b200000-7fa76bee5000 rw-p 00000000 00:00 0 7fa76c000000-7fa76d1d8000 r--s 00000000 09:7f 42870668 lib/libruby.so.3.3.2 7fa76d200000-7fa76d201000 ---p 00000000 00:00 0 7fa76d201000-7fa76d2a2000 rw-p 00000000 00:00 0 7fa76d2a2000-7fa76d2a3000 ---p 00000000 00:00 0 7fa76d2a3000-7fa76d344000 rw-p 00000000 00:00 0 7fa76d344000-7fa76d345000 ---p 00000000 00:00 0 7fa76d345000-7fa76d3e6000 rw-p 00000000 00:00 0 7fa76d3e6000-7fa76d3e7000 ---p 00000000 00:00 0 7fa76d3e7000-7fa76d488000 rw-p 00000000 00:00 0 7fa76d488000-7fa76d489000 ---p 00000000 00:00 0 7fa76d489000-7fa76d52a000 rw-p 00000000 00:00 0 7fa76d52a000-7fa76d52b000 ---p 00000000 00:00 0 7fa76d52b000-7fa76d5cc000 rw-p 00000000 00:00 0 7fa76d5cc000-7fa76d5cd000 ---p 00000000 00:00 0 7fa76d5cd000-7fa76d66e000 rw-p 00000000 00:00 0 7fa76d66e000-7fa76d66f000 ---p 00000000 00:00 0 7fa76d66f000-7fa76d710000 rw-p 00000000 00:00 0 7fa76d710000-7fa76d711000 ---p 00000000 00:00 0 7fa76d711000-7fa76d7b2000 rw-p 00000000 00:00 0 7fa76d7b2000-7fa76d7b3000 ---p 00000000 00:00 0 7fa76d7b3000-7fa76d854000 rw-p 00000000 00:00 0 7fa76d854000-7fa76d855000 ---p 00000000 00:00 0 7fa76d855000-7fa76d8f6000 rw-p 00000000 00:00 0 7fa76d8f6000-7fa76d8f7000 ---p 00000000 00:00 0 7fa76d8f7000-7fa76d998000 rw-p 00000000 00:00 0 7fa76d998000-7fa76d999000 ---p 00000000 00:00 0 7fa76d999000-7fa76da3a000 rw-p 00000000 00:00 0 7fa76da3a000-7fa76da3b000 ---p 00000000 00:00 0 7fa76da3b000-7fa76dadc000 rw-p 00000000 00:00 0 7fa76dadc000-7fa76dadd000 ---p 00000000 00:00 0 7fa76dadd000-7fa76db7e000 rw-p 00000000 00:00 0 7fa76db7e000-7fa76db7f000 ---p 00000000 00:00 0 7fa76db7f000-7fa76dc20000 rw-p 00000000 00:00 0 7fa76dc20000-7fa76dc21000 ---p 00000000 00:00 0 7fa76dc21000-7fa76dcc2000 rw-p 00000000 00:00 0 7fa76dcc2000-7fa76dcc3000 ---p 00000000 00:00 0 7fa76dcc3000-7fa76dd64000 rw-p 00000000 00:00 0 7fa76dd64000-7fa76dd65000 ---p 00000000 00:00 0 7fa76dd65000-7fa76de06000 rw-p 00000000 00:00 0 7fa76de06000-7fa76de07000 ---p 00000000 00:00 0 7fa76de07000-7fa76dea8000 rw-p 00000000 00:00 0 7fa76dea8000-7fa76dea9000 ---p 00000000 00:00 0 7fa76dea9000-7fa76df4a000 rw-p 00000000 00:00 0 7fa76df4a000-7fa76df4b000 ---p 00000000 00:00 0 7fa76df4b000-7fa76dfec000 rw-p 00000000 00:00 0 7fa76dfec000-7fa76dfed000 ---p 00000000 00:00 0 7fa76dfed000-7fa76e08e000 rw-p 00000000 00:00 0 7fa76e08e000-7fa76e08f000 ---p 00000000 00:00 0 7fa76e08f000-7fa76e130000 rw-p 00000000 00:00 0 7fa76e130000-7fa76e131000 ---p 00000000 00:00 0 7fa76e131000-7fa76e1d2000 rw-p 00000000 00:00 0 7fa76e1d2000-7fa76e1d3000 ---p 00000000 00:00 0 7fa76e1d3000-7fa76e274000 rw-p 00000000 00:00 0 7fa76e274000-7fa76e275000 ---p 00000000 00:00 0 7fa76e275000-7fa76e316000 rw-p 00000000 00:00 0 7fa76e316000-7fa76e317000 ---p 00000000 00:00 0 7fa76e317000-7fa76e3b8000 rw-p 00000000 00:00 0 7fa76e3b8000-7fa76e3b9000 ---p 00000000 00:00 0 7fa76e3b9000-7fa76e45a000 rw-p 00000000 00:00 0 7fa76e45a000-7fa76e45b000 ---p 00000000 00:00 0 7fa76e45b000-7fa76e4fc000 rw-p 00000000 00:00 0 7fa76e4fc000-7fa76e4fd000 ---p 00000000 00:00 0 7fa76e4fd000-7fa76e59e000 rw-p 00000000 00:00 0 7fa76e59e000-7fa76e59f000 ---p 00000000 00:00 0 7fa76e59f000-7fa76e640000 rw-p 00000000 00:00 0 7fa76e800000-7fa76e801000 ---p 00000000 00:00 0 7fa76e801000-7fa76f001000 rw-p 00000000 00:00 0 7fa76f0e0000-7fa76f0f0000 rw-p 00000000 00:00 0 7fa76f200000-7fa788600000 rw-p 00000000 00:00 0 7fa788610000-7fa788620000 rw-p 00000000 00:00 0 7fa788629000-7fa788660000 r--s 00000000 09:7f 42870666 bin/ruby 7fa788660000-7fa7886c0000 rw-p 00000000 00:00 0 7fa7886d0000-7fa788790000 rw-p 00000000 00:00 0 7fa78879f000-7fa788800000 rw-p 00000000 00:00 0 7fa788800000-7fa788b8b000 r--p 00000000 09:00 293187 /usr/lib/locale/locale-archive 7fa788ba0000-7fa788ce1000 rw-p 00000000 00:00 0 7fa788ce1000-7fa788d39000 r--p 00000000 09:00 839275 /usr/lib/locale/C.utf8/LC_CTYPE 7fa788d39000-7fa788d5f000 r--p 00000000 09:00 285418 /usr/lib/x86_64-linux-gnu/libc.so.6 7fa788d5f000-7fa788eb6000 r-xp 00026000 09:00 285418 /usr/lib/x86_64-linux-gnu/libc.so.6 7fa788eb6000-7fa788f0b000 r--p 0017d000 09:00 285418 /usr/lib/x86_64-linux-gnu/libc.so.6 7fa788f0b000-7fa788f0f000 r--p 001d1000 09:00 285418 /usr/lib/x86_64-linux-gnu/libc.so.6 7fa788f0f000-7fa788f11000 rw-p 001d5000 09:00 285418 /usr/lib/x86_64-linux-gnu/libc.so.6 7fa788f11000-7fa788f1e000 rw-p 00000000 00:00 0 7fa788f1e000-7fa788f2e000 r--p 00000000 09:00 285704 /usr/lib/x86_64-linux-gnu/libm.so.6 7fa788f2e000-7fa788fa4000 r-xp 00010000 09:00 285704 /usr/lib/x86_64-linux-gnu/libm.so.6 7fa788fa4000-7fa788ffe000 r--p 00086000 09:00 285704 /usr/lib/x86_64-linux-gnu/libm.so.6 7fa788ffe000-7fa788fff000 r--p 000df000 09:00 285704 /usr/lib/x86_64-linux-gnu/libm.so.6 7fa788fff000-7fa789000000 rw-p 000e0000 09:00 285704 /usr/lib/x86_64-linux-gnu/libm.so.6 7fa789000000-7fa78904a000 r--p 00000000 09:7f 42870668 lib/libruby.so.3.3.2 7fa78904a000-7fa78943c000 r-xp 0004a000 09:7f 42870668 lib/libruby.so.3.3.2 7fa78943c000-7fa7895c3000 r--p 0043c000 09:7f 42870668 lib/libruby.so.3.3.2 7fa7895c3000-7fa7895d9000 r--p 005c3000 09:7f 42870668 lib/libruby.so.3.3.2 7fa7895d9000-7fa7895dd000 rw-p 005d9000 09:7f 42870668 lib/libruby.so.3.3.2 7fa7895dd000-7fa7895f2000 rw-p 00000000 00:00 0 7fa789610000-7fa789630000 rw-p 00000000 00:00 0 7fa78963f000-7fa789641000 rw-p 00000000 00:00 0 7fa789641000-7fa789645000 r--p 00000000 09:00 285622 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 7fa789645000-7fa789668000 r-xp 00004000 09:00 285622 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 7fa789668000-7fa78966c000 r--p 00027000 09:00 285622 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 7fa78966c000-7fa78966d000 r--p 0002b000 09:00 285622 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 7fa78966d000-7fa78966e000 rw-p 0002c000 09:00 285622 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 7fa78966e000-7fa789670000 rw-p 00000000 00:00 0 7fa789670000-7fa789672000 r--p 00000000 09:00 285652 /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0 7fa789672000-7fa789688000 r-xp 00002000 09:00 285652 /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0 7fa789688000-7fa7896a2000 r--p 00018000 09:00 285652 /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0 7fa7896a2000-7fa7896a3000 r--p 00031000 09:00 285652 /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0 7fa7896a3000-7fa7896a4000 rw-p 00032000 09:00 285652 /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0 7fa7896a4000-7fa7896ac000 rw-p 00000000 00:00 0 7fa7896ac000-7fa7896b8000 r--p 00000000 09:00 286181 /usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0 7fa7896b8000-7fa78971b000 r-xp 0000c000 09:00 286181 /usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0 7fa78971b000-7fa789732000 r--p 0006f000 09:00 286181 /usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0 7fa789732000-7fa789733000 r--p 00086000 09:00 286181 /usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0 7fa789733000-7fa789734000 rw-p 00087000 09:00 286181 /usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0 7fa789734000-7fa789737000 r--p 00000000 09:00 285895 /usr/lib/x86_64-linux-gnu/libz.so.1.3.1 7fa789737000-7fa78974a000 r-xp 00003000 09:00 285895 /usr/lib/x86_64-linux-gnu/libz.so.1.3.1 7fa78974a000-7fa789751000 r--p 00016000 09:00 285895 /usr/lib/x86_64-linux-gnu/libz.so.1.3.1 7fa789751000-7fa789752000 r--p 0001c000 09:00 285895 /usr/lib/x86_64-linux-gnu/libz.so.1.3.1 7fa789752000-7fa789753000 rw-p 0001d000 09:00 285895 /usr/lib/x86_64-linux-gnu/libz.so.1.3.1 7fa789756000-7fa789757000 r--p 00000000 09:7f 42870755 lib/ruby/3.3.0/x86_64-linux/monitor.so 7fa789757000-7fa789758000 r-xp 00001000 09:7f 42870755 lib/ruby/3.3.0/x86_64-linux/monitor.so 7fa789758000-7fa789759000 r--p 00002000 09:7f 42870755 lib/ruby/3.3.0/x86_64-linux/monitor.so 7fa789759000-7fa78975a000 r--p 00002000 09:7f 42870755 lib/ruby/3.3.0/x86_64-linux/monitor.so 7fa78975a000-7fa78975b000 rw-p 00003000 09:7f 42870755 lib/ruby/3.3.0/x86_64-linux/monitor.so 7fa78975b000-7fa78975c000 r--p 00000000 09:7f 42870679 lib/ruby/3.3.0/x86_64-linux/enc/trans/transdb.so 7fa78975c000-7fa78975d000 r-xp 00001000 09:7f 42870679 lib/ruby/3.3.0/x86_64-linux/enc/trans/transdb.so 7fa78975d000-7fa78975e000 r--p 00002000 09:7f 42870679 lib/ruby/3.3.0/x86_64-linux/enc/trans/transdb.so 7fa78975e000-7fa78975f000 r--p 00002000 09:7f 42870679 lib/ruby/3.3.0/x86_64-linux/enc/trans/transdb.so 7fa78975f000-7fa789760000 rw-p 00003000 09:7f 42870679 lib/ruby/3.3.0/x86_64-linux/enc/trans/transdb.so 7fa789760000-7fa789761000 r--p 00000000 09:7f 42870702 lib/ruby/3.3.0/x86_64-linux/enc/encdb.so 7fa789761000-7fa789762000 r-xp 00001000 09:7f 42870702 lib/ruby/3.3.0/x86_64-linux/enc/encdb.so 7fa789762000-7fa789763000 r--p 00002000 09:7f 42870702 lib/ruby/3.3.0/x86_64-linux/enc/encdb.so 7fa789763000-7fa789764000 r--p 00002000 09:7f 42870702 lib/ruby/3.3.0/x86_64-linux/enc/encdb.so 7fa789764000-7fa789765000 rw-p 00003000 09:7f 42870702 lib/ruby/3.3.0/x86_64-linux/enc/encdb.so 7fa789765000-7fa78976c000 r--s 00000000 09:00 312670 /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache 7fa78976c000-7fa78976e000 rw-p 00000000 00:00 0 7fa78976e000-7fa78976f000 r--p 00000000 09:00 285229 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 7fa78976f000-7fa789794000 r-xp 00001000 09:00 285229 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 7fa789794000-7fa78979e000 r--p 00026000 09:00 285229 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 7fa78979e000-7fa7897a0000 r--p 00030000 09:00 285229 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 7fa7897a0000-7fa7897a2000 rw-p 00032000 09:00 285229 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 7fffeaffc000-7fffeb7fb000 rw-p 00000000 00:00 0 [stack] 7fffeb83a000-7fffeb83e000 r--p 00000000 00:00 0 [vvar] 7fffeb83e000-7fffeb840000 r-xp 00000000 00:00 0 [vdso] ``` -- https://bugs.ruby-lang.org/

2 3

[ruby-core:118230] [Ruby master Feature#6648] Provide a standard API for retrieving all command-line flags passed to Ruby
by shyouhei (Shyouhei Urabe) 07 Jun '24

07 Jun '24

Issue #6648 has been updated by shyouhei (Shyouhei Urabe). In short the problem we see is feeding strings from untrusted sources to generic `Kernel#exec`. Sounds ultra risky, no? Let's not do so. If what is needed is just launching a ruby process, we could perhaps design a workaround. ---------------------------------------- Feature #6648: Provide a standard API for retrieving all command-line flags passed to Ruby https://bugs.ruby-lang.org/issues/6648#change-108725 * Author: headius (Charles Nutter) * Status: Assigned * Assignee: matz (Yukihiro Matsumoto) ---------------------------------------- Currently there are no standard mechanisms to get the flags passed to the currently running Ruby implementation. The available mechanisms are not ideal: * Scanning globals and hoping they have not been tweaked to new settings * Using external wrappers to launch Ruby * ??? Inability to get the full set of command-line flags, including flags passed to the VM itself (and probably VM-specific) makes it impossible to launch subprocess Ruby instances with the same settings. A real world example of this is "((%bundle exec%))" when called with a command line that sets various flags, a la ((%jruby -Xsome.vm.setting --1.9 -S bundle exec%)). None of these flags can propagate to the subprocess, so odd behaviors result. The only option is to put the flags into an env var (((|JRUBY_OPTS|)) or ((|RUBYOPT|))) but this breaks the flow of calling a simple command line. JRuby provides mechanisms to get all its command line options, but they require calling Java APIs from Ruby's API set. Rubinius provides its own API for accessing comand-line options, but I do not know if it includes VM-level flags as well as standard Ruby flags. I know there is a (({RubyVM})) namespace in the 2.0 line. If that namespace is intended to be general-purpose for VM-level features, it would be a good host for this API. Something like... ``` class << RubyVM def vm_args; end # returns array of command line args *not* passed to the target script def script; end # returns the script being executed...though this overlaps with $0 def script_args; end # returns args passed to the script...though this overlaps with ARGV, but that is perhaps warranted since ARGV can be modified (i.e. you probably want the original args) end ``` -- https://bugs.ruby-lang.org/

1 0

[ruby-core:118150] [Ruby master Bug#20520] _FORTIFY_SOURCE=3 is not correctly respected
by vo.x (Vit Ondruch) 07 Jun '24

07 Jun '24

Issue #20520 has been reported by vo.x (Vit Ondruch). ---------------------------------------- Bug #20520: _FORTIFY_SOURCE=3 is not correctly respected https://bugs.ruby-lang.org/issues/20520 * Author: vo.x (Vit Ondruch) * Status: Open * ruby -v: ruby 3.3.1 (2024-04-23 revision c56cd86388) [aarch64-linux] * Backport: 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN ---------------------------------------- In Fedora, we are using following compilation options: ~~~ + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' ~~~ Please note that as of recently, there is included `_FORTIFY_SOURCE=3`. The problem is, that Ruby doing its configuration check: ~~~ checking whether -O3 -D_FORTIFY_SOURCE=2 is accepted as CFLAGS... yes ~~~ Includes another variant of `_FORTIFY_SOURCE=2` into `XFLAGS`: ~~~ $ /usr/bin/make -O -j12 V=1 VERBOSE=1 'COPY=cp -p' -C redhat-linux-build make: Entering directory '/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/redhat-linux-build' BASERUBY = /builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/tool/missing-baseruby.bat CC = gcc LD = ld LDSHARED = gcc -shared CFLAGS = -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fPIC XCFLAGS = -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -mbranch-protection=standard -fno-strict-overflow -fvisibility=hidden -fexcess-precision=standard -DRUBY_EXPORT -I. -I.ext/include/aarch64-linux -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/include -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1 -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/prism -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/enc/unicode/15.0.0 CPPFLAGS = DLDFLAGS = -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-soname,libruby.so.3.3 -fstack-protector-strong SOLIBS = -lz -lrt -lrt -lgmp -ldl -lcrypt -lm -lpthread LANG = C.UTF-8 LC_ALL = LC_CTYPE = MFLAGS = -j12 -Otarget --jobserver-auth=fifo:/tmp/GMfifo10279 --sync-mutex=fnm:/tmp/GmbGoenG RUSTC = rustc YJIT_RUSTC_ARGS = --crate-name=yjit --crate-type=staticlib --edition=2021 -g -C lto=thin -C opt-level=3 -C overflow-checks=on '--out-dir=/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/redhat-linux-build/yjit/target/release/' /builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/yjit/src/lib.rs gcc (GCC) 14.1.1 20240522 (Red Hat 14.1.1-4) Copyright (C) 2024 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. make: Leaving directory '/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/redhat-linux-build' make: Entering directory '/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/redhat-linux-build' gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fPIC -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -mbranch-protection=standard -fno-strict-overflow -fvisibility=hidden -fexcess-precision=standard -DRUBY_EXPORT -I. -I.ext/include/aarch64-linux -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/include -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1 -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/prism -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/enc/unicode/15.0.0 -o dmyext.o -c /builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/dmyext.c ... snip ... ~~~ -- https://bugs.ruby-lang.org/

2 2

[ruby-core:115595] [Ruby master Bug#20043] `defined?` checks for method existence but only sometimes
by tenderlovemaking (Aaron Patterson) 07 Jun '24

07 Jun '24

Issue #20043 has been reported by tenderlovemaking (Aaron Patterson). ---------------------------------------- Bug #20043: `defined?` checks for method existence but only sometimes https://bugs.ruby-lang.org/issues/20043 * Author: tenderlovemaking (Aaron Patterson) * Status: Open * Priority: Normal * ruby -v: ruby 3.3.0dev (2023-12-05T21:25:34Z master 56eccb350b) [arm64-darwin23] * Backport: 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN ---------------------------------------- When an expression is passed to `defined?`, it will _sometimes_ check if a method in a sub-expression is defined and sometimes it won't. For example: ``` $ ./miniruby -e'p defined?(a)' nil $ ./miniruby -e'p defined?([a])' nil ``` In the above case, Ruby will check whether or not the method `a` is defined, and it returns `nil`. However, if you use a splat, it will not check: ``` $ ./miniruby -e'p defined?([*a])' "expression" ``` The same thing seems to happen with method parameters: ``` $ ./miniruby -e'p defined?(itself)' "method" $ ./miniruby -e'p defined?(itself(a))' nil $ ./miniruby -e'p defined?(itself(*a))' "method" ``` Oddly, `defined?` will check contents of arrays, but _won't_ check contents of hashes: ``` $ ./miniruby -e'p defined?([[[[a]]]])' nil $ ./miniruby -e'p defined?({ a => a })' "expression" ``` I think all of the cases that refer to `a` should check whether or not `a` is defined regardless of splats or hashes. -- https://bugs.ruby-lang.org/

7 9

[ruby-core:118223] [Ruby master Feature#6648] Provide a standard API for retrieving all command-line flags passed to Ruby
by shyouhei (Shyouhei Urabe) 07 Jun '24

07 Jun '24

Issue #6648 has been updated by shyouhei (Shyouhei Urabe). Eregon (Benoit Daloze) wrote in #note-24: > @mame CRuby already needs to get arguments as an array to parse command-line flags, so `RbConfig.ruby_args` just exposes that. > If CRuby can parse these Ruby command-line flags, for sure we can save them in some kind of array. This is true. Technically we can provide such array. But for what reason? The question is its usage. > IIRC these extra complications are only relevant in `.bat` files, the C main still receives an array of arguments on Windows. Background: This is how we execute external process in Windows: https://github.com/ruby/ruby/blob/029d92b8988d26955d0622f0cbb8ef3213200749/… Also background: Windows API for creating a process: https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-pr… So this is not about receiving arguments but calling a process. As you see there is no Windows API that takes `char**`. We cannot safely pass through what we have. You have to concatenate them into one argument string (`LPWSTR lpCommandLine`), with proper escaping of whitespace etc. This is where the security concern arises. Because process arguments come from out of the process itself by nature, there is no guarantee that they are written by good will. I have to say it is at least dangerous to "escape" them to be "safe" to pass to a process invoking API. Our current implementation is not ready for that... Is it even possible? ---------------------------------------- Feature #6648: Provide a standard API for retrieving all command-line flags passed to Ruby https://bugs.ruby-lang.org/issues/6648#change-108715 * Author: headius (Charles Nutter) * Status: Assigned * Assignee: matz (Yukihiro Matsumoto) ---------------------------------------- Currently there are no standard mechanisms to get the flags passed to the currently running Ruby implementation. The available mechanisms are not ideal: * Scanning globals and hoping they have not been tweaked to new settings * Using external wrappers to launch Ruby * ??? Inability to get the full set of command-line flags, including flags passed to the VM itself (and probably VM-specific) makes it impossible to launch subprocess Ruby instances with the same settings. A real world example of this is "((%bundle exec%))" when called with a command line that sets various flags, a la ((%jruby -Xsome.vm.setting --1.9 -S bundle exec%)). None of these flags can propagate to the subprocess, so odd behaviors result. The only option is to put the flags into an env var (((|JRUBY_OPTS|)) or ((|RUBYOPT|))) but this breaks the flow of calling a simple command line. JRuby provides mechanisms to get all its command line options, but they require calling Java APIs from Ruby's API set. Rubinius provides its own API for accessing comand-line options, but I do not know if it includes VM-level flags as well as standard Ruby flags. I know there is a (({RubyVM})) namespace in the 2.0 line. If that namespace is intended to be general-purpose for VM-level features, it would be a good host for this API. Something like... ``` class << RubyVM def vm_args; end # returns array of command line args *not* passed to the target script def script; end # returns the script being executed...though this overlaps with $0 def script_args; end # returns args passed to the script...though this overlaps with ARGV, but that is perhaps warranted since ARGV can be modified (i.e. you probably want the original args) end ``` -- https://bugs.ruby-lang.org/

1 0

[ruby-core:118184] [Ruby master Bug#20527] Control-Flow protection cannot be enabled for Ruby due to ASM bits
by vo.x (Vit Ondruch) 06 Jun '24

06 Jun '24

Issue #20527 has been reported by vo.x (Vit Ondruch). ---------------------------------------- Bug #20527: Control-Flow protection cannot be enabled for Ruby due to ASM bits https://bugs.ruby-lang.org/issues/20527 * Author: vo.x (Vit Ondruch) * Status: Open * ruby -v: ruby 3.3.1 (2024-04-23 revision c56cd86388) [x86_64-linux] * Backport: 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN ---------------------------------------- Checking if Ruby is properly hardened up to Fedora standard using `annocheck`, this is the result: ~~~ $ annocheck redhat-linux-build/libruby.so.3.3.1 annocheck: Version 12.54. Hardened: libruby.so.3.3.1: FAIL: cf-protection test because .note.gnu.property section did not contain the necessary flags Hardened: libruby.so.3.3.1: FAIL: property-note test because a property note was found but it shows that cf-protection is not enabled Hardened: Rerun annocheck with --verbose to see more information on the tests. Hardened: libruby.so.3.3.1: Overall: FAIL. ~~~ Wondering what is the issue, I have executed following: ~~~ $ annocheck redhat-linux-build/* 2>/dev/null | grep FAIL | less Hardened: Context.o: Overall: FAIL (due to MAYB results). Hardened: libruby-static.a:Context.o: Overall: FAIL (due to MAYB results). Hardened: libruby.so.3.3.1: FAIL: cf-protection test because .note.gnu.property section did not contain the necessary flags Hardened: libruby.so.3.3.1: FAIL: property-note test because a property note was found but it shows that cf-protection is not enabled Hardened: libruby.so.3.3.1: Overall: FAIL. Hardened: miniruby: FAIL: cf-protection test because .note.gnu.property section did not contain the necessary flags Hardened: miniruby: FAIL: property-note test because a property note was found but it shows that cf-protection is not enabled Hardened: miniruby: Overall: FAIL. ~~~ This suggest that the `Context.o` is the culprit. Lets take a detailed look: ~~~ $ annocheck redhat-linux-build/coroutine/amd64/Context.o --verbose annocheck: Version 12.54. Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: No matching profile found. Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: pie test because the ELF file header has the correct type Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: gnu-stack test because non-executable .note.GNU-stack section found Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: gaps test because no notes found - therefore there are no gaps! Hardened: redhat-linux-build/coroutine/amd64/Context.o: MAYB: test: notes, reason: notes not found and no DWARF info found (could there be a separate debuginfo file ?) Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-notes.html Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: bind-now test because only needed for executables Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: branch-protection test because not an AArch64 binary Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: cf-protection test because not an x86_64 executable Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: dynamic-segment test Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: dynamic-tags test because AArch64 specific Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: entry test Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: fast test Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: fips test because not a GO binary Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: fortify test because no compiled C/C++ code found Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: glibcxx-assertions test because no compiled C/C++ code found Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: gnu-relro test because not needed in object files Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: go-revision test because no GO compiled code found Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: implicit-values test because These tests are only relevent to C source code Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: instrumentation test Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: lto test because not compiled from C/C++ code Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: openssl-engine test Hardened: redhat-linux-build/coroutine/amd64/Context.o: MAYB: test: optimization, reason: could not determine how the code was created Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-optimization.html Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: This can happen if the program is compiled from a language unknown to annocheck Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: or because there are no annobin build notes (could they be in a separate file ?) Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: For more details see https://sourceware.org/annobin/annobin.html/Absence-of-compiled-code.html Hardened: redhat-linux-build/coroutine/amd64/Context.o: MAYB: test: pic, reason: no valid notes found regarding this test Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-pic.html Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: production test Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: property-note test because property notes not needed in object files Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: run-path test Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: rwx-seg test Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: short-enums test Hardened: redhat-linux-build/coroutine/amd64/Context.o: MAYB: test: stack-clash, reason: could not determine how the code was created Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-stack-clash.html Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: This can happen if the program is compiled from a language unknown to annocheck Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: or because there are no annobin build notes (could they be in a separate file ?) Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: For more details see https://sourceware.org/annobin/annobin.html/Absence-of-compiled-code.html Hardened: redhat-linux-build/coroutine/amd64/Context.o: MAYB: test: stack-prot, reason: could not determine how the code was created Hardened: redhat-linux-build/coroutine/amd64/Context.o: info: For more information visit: https://sourceware.org/annobin/annobin.html/Test-stack-prot.html Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: This can happen if the program is compiled from a language unknown to annocheck Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: or because there are no annobin build notes (could they be in a separate file ?) Hardened: redhat-linux-build/coroutine/amd64/Context.o: WARN: For more details see https://sourceware.org/annobin/annobin.html/Absence-of-compiled-code.html Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: stack-realign test because not an i686 executable Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: textrel test Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: threads test Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: unicode test Hardened: redhat-linux-build/coroutine/amd64/Context.o: skip: warnings test because no compiled C/C++ code found Hardened: redhat-linux-build/coroutine/amd64/Context.o: PASS: writable-got test Hardened: redhat-linux-build/coroutine/amd64/Context.o: Overall: FAIL (due to MAYB results). ~~~ Well, `skip: cf-protection test because not an x86_64 executable` is not really helpful, therefore I have opened ticket with annocheck folks [1], where they suggest to update the `Context.S` according to the following guidelines: https://sourceware.org/annobin/annobin.html/Test-cf-protection.html P.S. With YJIT enabled, there is also issue with the Rust code, therefore I have tested this with YJIT disabled and without Rust available in the environment. [1]: https://bugzilla.redhat.com/show_bug.cgi?id=2284605 -- https://bugs.ruby-lang.org/

3 3