diff options
author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-11-05 17:27:10 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-11-05 17:27:10 +0000 |
commit | d05e04b825f2b02bfa0b4b97a241dcbd26f3bd2e (patch) | |
tree | 00a18e0c60084c66fb03025e151a8643e631bf2a | |
parent | 62ebf35592717655a34620301fd45dfc522af1e2 (diff) |
Relax MJIT_BUILD_DIR restriction
* mjit.c (init_header_filename): sticky-mode directory probably
would be less unsafe even if it is not owned.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65551 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | mjit.c | 17 |
1 files changed, 11 insertions, 6 deletions
@@ -394,15 +394,20 @@ init_header_filename(void) /* This path is not intended to be used on production, but using build directory's header file here because people want to run `make test-all` without running `make install`. Don't use $MJIT_SEARCH_BUILD_DIR except for test-all. */ - if (build_dir[0] != '/' || - stat(build_dir, &st) || !S_ISDIR(st.st_mode) || - st.st_uid != getuid() || (st.st_mode & 022) || - !rb_path_check(build_dir)) { + if (build_dir[0] != '/') { + verbose(1, "Non-absolute path MJIT_BUILD_DIR: %s", build_dir); + } + else if (stat(build_dir, &st) || !S_ISDIR(st.st_mode)) { + verbose(1, "Non-directory path MJIT_BUILD_DIR: %s", build_dir); + } + else if (!rb_path_check(build_dir)) { verbose(1, "Unsafe MJIT_BUILD_DIR: %s", build_dir); return FALSE; } - basedir = build_dir; - baselen = sizeof(build_dir) - 1; + else { + basedir = build_dir; + baselen = sizeof(build_dir) - 1; + } } #endif |