summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2006-09-04 20:50:13 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2006-09-04 20:50:13 +0000
commit5cbc6bff93854ee0270c362adb8054520559863e (patch)
tree33ad14c2454ecaef5db554026d562430c27ad46f
parent7e927ea6d5258ce6ff1574a83c045a533341873e (diff)
downloadruby-5cbc6bff93854ee0270c362adb8054520559863e.tar.gz
ruby-5cbc6bff93854ee0270c362adb8054520559863e.tar.xz
ruby-5cbc6bff93854ee0270c362adb8054520559863e.zip
* file.c (path_check_0): check if sticky bit is set on parent
directories for executable path. fixed: [ruby-dev:29415] git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@10863 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog5
-rw-r--r--file.c14
2 files changed, 11 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index e7aab926e..a021df5c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Tue Sep 5 05:49:41 2006 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * file.c (path_check_0): check if sticky bit is set on parent
+ directories for executable path. fixed: [ruby-dev:29415]
+
Mon Sep 4 23:15:34 2006 Yukihiro Matsumoto <matz@ruby-lang.org>
* time.c (time_to_s): make it conform to RFC2822 date format.
diff --git a/file.c b/file.c
index ac7b548db..a2726d1df 100644
--- a/file.c
+++ b/file.c
@@ -4099,9 +4099,9 @@ is_absolute_path(path)
#ifndef DOSISH
static int
-path_check_0(fpath, loadpath)
+path_check_0(fpath, execpath)
VALUE fpath;
- int loadpath;
+ int execpath;
{
struct stat st;
char *p0 = StringValueCStr(fpath);
@@ -4116,7 +4116,7 @@ path_check_0(fpath, loadpath)
rb_str_cat2(newpath, "/");
rb_str_cat2(newpath, p0);
- return path_check_0(newpath, loadpath);
+ p0 = RSTRING(fpath = newpath)->ptr;
}
for (;;) {
#ifndef S_IWOTH
@@ -4124,10 +4124,11 @@ path_check_0(fpath, loadpath)
#endif
if (stat(p0, &st) == 0 && S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH)
#ifdef S_ISVTX
- && (loadpath || !(st.st_mode & S_ISVTX))
+ && !(p && execpath && (st.st_mode & S_ISVTX))
#endif
) {
- rb_warn("Insecure world writable dir %s, mode 0%o", p0, st.st_mode);
+ rb_warn("Insecure world writable dir %s in %sPATH, mode 0%o",
+ p0, (execpath ? "" : "LOAD_"), st.st_mode);
if (p) *p = '/';
return 0;
}
@@ -4315,9 +4316,6 @@ rb_find_file(path)
}
else {
lpath = RSTRING(tmp)->ptr;
- if (rb_safe_level() >= 1 && !rb_path_check(lpath)) {
- rb_raise(rb_eSecurityError, "loading from unsafe path %s", lpath);
- }
}
}
else {