summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2005-09-20 17:44:57 +0000
committermatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2005-09-20 17:44:57 +0000
commitcca26c22265e554723e5f91e9b90a190fdbe0bf2 (patch)
tree221a40f563858a6637a8dd99f4616c6429bd6472
parentdb824a34dd324685a919e19ffed486ce9a968088 (diff)
* file.c (path_check_0): disallow sticky world writable directory
in PATH (and $LOAD_PATH). [ruby-dev:27226] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9255 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog5
-rw-r--r--file.c30
2 files changed, 26 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index 8a164d3..6ea2011 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Wed Sep 21 02:44:09 2005 Yukihiro Matsumoto <matz@ruby-lang.org>
+
+ * file.c (path_check_0): disallow sticky world writable directory
+ in PATH (and $LOAD_PATH). [ruby-dev:27226]
+
Tue Sep 20 22:29:49 2005 NAKAMURA, Hiroshi <nakahiro@sarion.co.jp>
* test/wsdl/simpletype/rpc/test_rpc.rb, test/wsdl/ref/test_ref.rb,
diff --git a/file.c b/file.c
index c6e7b34..e957514 100644
--- a/file.c
+++ b/file.c
@@ -3850,11 +3850,12 @@ is_absolute_path(path)
#ifndef DOSISH
static int
-path_check_1(path)
- VALUE path;
+path_check_0(fpath, loadpath)
+ VALUE fpath;
+ int loadpath;
{
struct stat st;
- char *p0 = StringValueCStr(path);
+ char *p0 = StringValueCStr(fpath);
char *p = 0, *s;
if (!is_absolute_path(p0)) {
@@ -3866,7 +3867,7 @@ path_check_1(path)
rb_str_cat2(newpath, "/");
rb_str_cat2(newpath, p0);
- return path_check_1(newpath);
+ return path_check_0(newpath, loadpath);
}
for (;;) {
#ifndef S_IWOTH
@@ -3874,7 +3875,7 @@ path_check_1(path)
#endif
if (stat(p0, &st) == 0 && S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH)
#ifdef S_ISVTX
- && !(st.st_mode & S_ISVTX)
+ && (loadpath || !(st.st_mode & S_ISVTX))
#endif
) {
rb_warn("Insecure world writable dir %s, mode 0%o", p0, st.st_mode);
@@ -3890,6 +3891,17 @@ path_check_1(path)
}
#endif
+static int
+fpath_check(path)
+ char *path;
+{
+#ifndef DOSISH
+ return path_check_0(path, Qfalse);
+#else
+ return 1;
+#endif
+}
+
int
rb_path_check(path)
char *path;
@@ -3906,7 +3918,7 @@ rb_path_check(path)
if (!p) p = pend;
for (;;) {
- if (!path_check_1(rb_str_new(p0, p - p0))) {
+ if (!path_check_0(rb_str_new(p0, p - p0), Qtrue)) {
return 0; /* not safe */
}
p0 = p + 1;
@@ -4018,7 +4030,7 @@ rb_find_file(path)
#if defined(__MACOS__) || defined(riscos)
if (is_macos_native_path(f)) {
- if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+ if (rb_safe_level() >= 1 && !fpath_check(f)) {
rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
}
if (file_load_ok(f)) return path;
@@ -4026,7 +4038,7 @@ rb_find_file(path)
#endif
if (is_absolute_path(f)) {
- if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+ if (rb_safe_level() >= 1 && !fpath_check(f)) {
rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
}
if (file_load_ok(f)) return path;
@@ -4067,7 +4079,7 @@ rb_find_file(path)
return 0; /* no path, no load */
}
f = dln_find_file(f, lpath);
- if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+ if (rb_safe_level() >= 1 && !fpath_check(f)) {
rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
}
if (file_load_ok(f)) {