diff options
| author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-04 20:50:13 +0000 |
|---|---|---|
| committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-04 20:50:13 +0000 |
| commit | b9a508bb9613b10e88611284448c4b7dfbeefc81 (patch) | |
| tree | 9de4c96750e634ce0e87ffdbd6e33b717f2a4895 /file.c | |
| parent | 5f61a22950233184db0771ef743706f7c3f99371 (diff) | |
* file.c (path_check_0): check if sticky bit is set on parent
directories for executable path. fixed: [ruby-dev:29415]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10863 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'file.c')
| -rw-r--r-- | file.c | 12 |
1 files changed, 5 insertions, 7 deletions
@@ -4046,7 +4046,7 @@ is_absolute_path(const char *path) #ifndef DOSISH static int -path_check_0(VALUE path, int loadpath) +path_check_0(VALUE path, int execpath) { struct stat st; char *p0 = StringValueCStr(path); @@ -4061,7 +4061,7 @@ path_check_0(VALUE path, int loadpath) rb_str_cat2(newpath, "/"); rb_str_cat2(newpath, p0); - return path_check_0(newpath, loadpath); + p0 = RSTRING_PTR(path = newpath); } for (;;) { #ifndef S_IWOTH @@ -4069,10 +4069,11 @@ path_check_0(VALUE path, int loadpath) #endif if (stat(p0, &st) == 0 && S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH) #ifdef S_ISVTX - && (loadpath || !(st.st_mode & S_ISVTX)) + && !(p && execpath && (st.st_mode & S_ISVTX)) #endif && !access(p0, W_OK)) { - rb_warn("Insecure world writable dir %s, mode 0%o", p0, st.st_mode); + rb_warn("Insecure world writable dir %s in %sPATH, mode 0%o", + p0, (execpath ? "" : "LOAD_"), st.st_mode); if (p) *p = '/'; return 0; } @@ -4247,9 +4248,6 @@ rb_find_file(VALUE path) } else { lpath = RSTRING_PTR(tmp); - if (rb_safe_level() >= 1 && !rb_path_check(lpath)) { - rb_raise(rb_eSecurityError, "loading from unsafe path %s", lpath); - } } } else { |