author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-04 20:50:13 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-04 20:50:13 +0000 |
commit | 5cbc6bff93854ee0270c362adb8054520559863e (patch) | |
tree | 33ad14c2454ecaef5db554026d562430c27ad46f /file.c | |
parent | 7e927ea6d5258ce6ff1574a83c045a533341873e (diff) | |
* file.c (path_check_0): check if sticky bit is set on parent
directories for executable path. fixed: [ruby-dev:29415]
git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@10863 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'file.c')
-rw-r--r-- | file.c | 14 |
1 files changed, 6 insertions, 8 deletions
@@ -4099,9 +4099,9 @@ is_absolute_path(path)
 #ifndef DOSISH
 static int
-path_check_0(fpath, loadpath)
+path_check_0(fpath, execpath)
 VALUE fpath;
- int loadpath;
+ int execpath;
 {
 struct stat st;
 char *p0 = StringValueCStr(fpath);
@@ -4116,7 +4116,7 @@ path_check_0(fpath, loadpath)
 rb_str_cat2(newpath, "/");
 rb_str_cat2(newpath, p0);
- return path_check_0(newpath, loadpath);
+ p0 = RSTRING(fpath = newpath)->ptr;
 }
 for (;;) {
 #ifndef S_IWOTH
@@ -4124,10 +4124,11 @@ path_check_0(fpath, loadpath)
 #endif
 if (stat(p0, &st) == 0 && S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH)
 #ifdef S_ISVTX
- && (loadpath || !(st.st_mode & S_ISVTX))
+ && !(p && execpath && (st.st_mode & S_ISVTX))
 #endif
 ) {
- rb_warn("Insecure world writable dir %s, mode 0%o", p0, st.st_mode);
+ rb_warn("Insecure world writable dir %s in %sPATH, mode 0%o",
+ p0, (execpath ? "" : "LOAD_"), st.st_mode);
 if (p) *p = '/';
 return 0;
 }
@@ -4315,9 +4316,6 @@ rb_find_file(path)
 }
 else {
 lpath = RSTRING(tmp)->ptr;
- if (rb_safe_level() >= 1 && !rb_path_check(lpath)) {
- rb_raise(rb_eSecurityError, "loading from unsafe path %s", lpath);
- }
 }
 }
 else { |
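Review bot: The rename from `loadpath` to `execpath` in the signature inverts the flag's polarity, yet the diffstat's 6 insertions and 8 deletions are all accounted for by the hunks shown, so no call to this static function appears to be updated in this commit. Any caller that still passes the old value now selects the opposite sticky-bit rule and the opposite `PATH`/`LOAD_PATH` wording in the warning. Please confirm each call site and document the contract above the definition, e.g. `/* execpath: non-zero when fpath is a PATH entry, zero when it is a file found through the load path */` (meaning inferred from the new warning text). The function body continues outside this hunk.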
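Review bot: `p0 = RSTRING(fpath = newpath)->ptr;` hides an assignment inside a macro argument, which is easy to miss and depends on how `RSTRING` expands its argument. Splitting it reads more clearly: `fpath = newpath;` followed by `p0 = RSTRING(fpath)->ptr;`. A short comment such as `/* keep newpath referenced through fpath while p0 points into its buffer */` would record why the parameter is reassigned, if that is the intent. The enclosing block and the `for (;;)` loop start and end outside this hunk.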
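Review bot: The new test `!(p && execpath && (st.st_mode & S_ISVTX))` makes the sticky-bit exemption depend on `p`, which is assigned outside this hunk, and nothing in the code says why. As far as the visible lines show, a world-writable directory is now accepted only when it is sticky, the check is for `PATH`, and `p` is set — presumably meaning a parent rather than the entry itself. Since this decides what passes a security check, a comment above the condition would help, e.g. `/* sticky bit only excuses parent directories of a PATH entry; the entry itself and every LOAD_PATH directory must not be world writable */`. The loop this condition belongs to begins and ends outside the hunk.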