diff options
author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2003-03-10 15:05:18 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2003-03-10 15:05:18 +0000 |
commit | bb544954b2679d4bd86fa6da6da29171e65e017a (patch) | |
tree | 11cb95cc04fbef35876af401f82af0733f7b7fb1 /file.c | |
parent | 70b55f2018ba19a0a1b516bd7bf8b112cd7ae5fb (diff) |
* file.c (rb_find_file): need world writable directory check for
relative paths too.
* file.c (rb_find_file): world writable directory check if
$SAFE >= 1 (was $SAFE >= 2).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@3571 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'file.c')
-rw-r--r-- | file.c | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -2731,15 +2731,15 @@ rb_find_file(path) if (f[0] == '~') { path = rb_file_expand_path(path, Qnil); - if (rb_safe_level() >= 2 && OBJ_TAINTED(path)) { - rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); + if (rb_safe_level() >= 1 && OBJ_TAINTED(path)) { + rb_raise(rb_eSecurityError, "loading from unsafe path %s", f); } f = StringValuePtr(path); } #if defined(__MACOS__) || defined(riscos) if (is_macos_native_path(f)) { - if (rb_safe_level() >= 2 && !rb_path_check(f)) { + if (rb_safe_level() >= 1 && !rb_path_check(f)) { rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); } if (file_load_ok(f)) return path; @@ -2747,7 +2747,7 @@ rb_find_file(path) #endif if (is_absolute_path(f)) { - if (rb_safe_level() >= 2 && !rb_path_check(f)) { + if (rb_safe_level() >= 1 && !rb_path_check(f)) { rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); } if (file_load_ok(f)) return path; @@ -2775,7 +2775,7 @@ rb_find_file(path) } else { lpath = RSTRING(tmp)->ptr; - if (rb_safe_level() >= 2 && !rb_path_check(lpath)) { + if (rb_safe_level() >= 1 && !rb_path_check(lpath)) { rb_raise(rb_eSecurityError, "loading from unsafe path %s", lpath); } } @@ -2788,6 +2788,9 @@ rb_find_file(path) return 0; /* no path, no load */ } f = dln_find_file(f, lpath); + if (rb_safe_level() >= 1 && !rb_path_check(f)) { + rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); + } if (file_load_ok(f)) { return rb_str_new2(f); } |