From 97a848151bbebd179b2373f04a1f5b288fe57963 Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 23 Jul 2004 00:11:34 +0000
Subject: * lib/cgi/session.rb (CGI::Session::FileStore#update): sets the  
 permission of the session data file to 0600.

* lib/cgi/session/pstore.rb (CGI::Session::Pstore#initialize):
  ditto.


git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@6687 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog                 | 8 ++++++++
 eval.c                    | 3 +++
 lib/cgi/session.rb        | 2 +-
 lib/cgi/session/pstore.rb | 3 +++
 4 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index ebc204032..8633eec74 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,14 @@ Fri Jul 23 09:03:16 2004  Shugo Maeda  <shugo@ruby-lang.org>
 
 	* lib/net/imap.rb (disconnected?): new method. (backported from HEAD)
 
+Thu Jul 22 16:41:54 2004  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* lib/cgi/session.rb (CGI::Session::FileStore#update): sets the
+         permission of the session data file to 0600.
+
+	* lib/cgi/session/pstore.rb (CGI::Session::Pstore#initialize):
+	  ditto.
+
 Thu Jul 22 00:02:21 2004  Masahiro Kitajima  <katonbo@katontech.com>
 
 	* process.c (rb_f_system): not need to call last_status_set() any
diff --git a/eval.c b/eval.c
index 21678876d..d62f0f55d 100644
--- a/eval.c
+++ b/eval.c
@@ -10913,10 +10913,13 @@ rb_thread_sleep(sec)
 void
 rb_thread_sleep_forever()
 {
+    int thr_critical = rb_thread_critical;
     if (curr_thread == curr_thread->next ||
 	curr_thread->status == THREAD_TO_KILL) {
+	rb_thread_critical = Qtrue;
 	TRAP_BEG;
 	pause();
+	rb_thread_critical = thr_critical;
 	TRAP_END;
 	return;
     }
diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index a44de7cb8..0bc10d013 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -395,7 +395,7 @@ class CGI
       def update
 	return unless @hash
         begin
-	  f = File.open(@path, 'w')
+	  f = File.open(@path, File::CREAT|File::TRUNC|File::RDWR, 0600)
 	  f.flock File::LOCK_EX
    	  for k,v in @hash
 	    f.printf "%s=%s\n", CGI::escape(k), CGI::escape(String(v))
diff --git a/lib/cgi/session/pstore.rb b/lib/cgi/session/pstore.rb
index 8f4beb978..f46dd5739 100644
--- a/lib/cgi/session/pstore.rb
+++ b/lib/cgi/session/pstore.rb
@@ -70,6 +70,9 @@ class CGI
 	  @hash = {}
 	end
 	@p = ::PStore.new(path)
+	@p.transaction do |p|
+	  File.chmod(0600, p.path)
+	end
       end
 
       # Restore session state from the session's PStore file.
-- 
cgit