From 65dc6d04dcf5e8c2bc48ae1594309d16f0493517 Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 24 Jul 2006 09:28:15 +0000
Subject: * process.c (rb_f_system): add security check.  [ruby-talk:202947]

* process.c (rb_f_system): move signal right before fork to avoid
  signal handler intervention.


git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@10592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 process.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'process.c')

diff --git a/process.c b/process.c
index 4271c2ff1..76720977c 100644
--- a/process.c
+++ b/process.c
@@ -1494,7 +1494,6 @@ rb_f_system(argc, argv)
     int i;
     RETSIGTYPE (*chfunc)(int);
 
-    chfunc = signal(SIGCHLD, SIG_DFL);
     fflush(stdout);
     fflush(stderr);
     if (argc == 0) {
@@ -1516,6 +1515,8 @@ rb_f_system(argc, argv)
     for (i = 0; i < argc; i++) {
 	SafeStringValue(argv[i]);
     }
+    security(RSTRING(prog ? prog : argv[0])->ptr);
+    chfunc = signal(SIGCHLD, SIG_DFL);
   retry:
     pid = fork();
     if (pid == 0) {
-- 
cgit