* gc.c (define_final): should not disclose NODE* to Ruby world.

[ruby-dev:23957] git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@6691 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2004-07-23 07:52:38 +0000
committer: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2004-07-23 07:52:38 +0000
commit: fa0053812ac44024ea9a6cedeb70b5535868d191 (patch)
tree: 2fa3966a581fc9b57e35af22e41cbc04362be7bc /lib/cgi
parent: 29cdaacd1546c3dac74453033c845a183f37410a (diff)
download: ruby-fa0053812ac44024ea9a6cedeb70b5535868d191.tar.gz
ruby-fa0053812ac44024ea9a6cedeb70b5535868d191.tar.xz
ruby-fa0053812ac44024ea9a6cedeb70b5535868d191.zip
2 files changed, 4 insertions, 1 deletions
diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index a44de7cb8..0bc10d013 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -395,7 +395,7 @@ class CGI
       def update
 	return unless @hash
         begin
-	  f = File.open(@path, 'w')
+	  f = File.open(@path, File::CREAT|File::TRUNC|File::RDWR, 0600)
 	  f.flock File::LOCK_EX
    	  for k,v in @hash
 	    f.printf "%s=%s\n", CGI::escape(k), CGI::escape(String(v))
diff --git a/lib/cgi/session/pstore.rb b/lib/cgi/session/pstore.rb
index 8f4beb978..f46dd5739 100644
--- a/lib/cgi/session/pstore.rb
+++ b/lib/cgi/session/pstore.rb
@@ -70,6 +70,9 @@ class CGI
 	  @hash = {}
 	end
 	@p = ::PStore.new(path)
+	@p.transaction do |p|
+	  File.chmod(0600, p.path)
+	end
       end
 
       # Restore session state from the session's PStore file.
author	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2004-07-23 07:52:38 +0000
committer	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2004-07-23 07:52:38 +0000
commit	fa0053812ac44024ea9a6cedeb70b5535868d191 (patch)
tree	2fa3966a581fc9b57e35af22e41cbc04362be7bc /lib/cgi
parent	29cdaacd1546c3dac74453033c845a183f37410a (diff)
download	ruby-fa0053812ac44024ea9a6cedeb70b5535868d191.tar.gz ruby-fa0053812ac44024ea9a6cedeb70b5535868d191.tar.xz ruby-fa0053812ac44024ea9a6cedeb70b5535868d191.zip