1 files changed, 21 insertions, 9 deletions

diff --git a/file.c b/file.c
index c6e7b349e4..e95751432c 100644
--- a/file.c
+++ b/file.c
@@ -3850,11 +3850,12 @@ is_absolute_path(path)
 
 #ifndef DOSISH
 static int
-path_check_1(path)
-     VALUE path;
+path_check_0(fpath, loadpath)
+     VALUE fpath;
+     int loadpath;
 {
     struct stat st;
-    char *p0 = StringValueCStr(path);
+    char *p0 = StringValueCStr(fpath);
     char *p = 0, *s;
 
     if (!is_absolute_path(p0)) {
@@ -3866,7 +3867,7 @@ path_check_1(path)
 
 	rb_str_cat2(newpath, "/");
 	rb_str_cat2(newpath, p0);
-	return path_check_1(newpath);
+	return path_check_0(newpath, loadpath);
     }
     for (;;) {
 #ifndef S_IWOTH
@@ -3874,7 +3875,7 @@ path_check_1(path)
 #endif
 	if (stat(p0, &st) == 0 && S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH)
 #ifdef S_ISVTX
-	    && !(st.st_mode & S_ISVTX)
+	    && (loadpath || !(st.st_mode & S_ISVTX))
 #endif
 	    ) {
 	    rb_warn("Insecure world writable dir %s, mode 0%o", p0, st.st_mode);
@@ -3890,6 +3891,17 @@ path_check_1(path)
 }
 #endif
 
+static int
+fpath_check(path)
+    char *path;
+{
+#ifndef DOSISH
+    return path_check_0(path, Qfalse);
+#else
+    return 1;
+#endif
+}
+
 int
 rb_path_check(path)
     char *path;
@@ -3906,7 +3918,7 @@ rb_path_check(path)
     if (!p) p = pend;
 
     for (;;) {
-	if (!path_check_1(rb_str_new(p0, p - p0))) {
+	if (!path_check_0(rb_str_new(p0, p - p0), Qtrue)) {
 	    return 0;		/* not safe */
 	}
 	p0 = p + 1;
@@ -4018,7 +4030,7 @@ rb_find_file(path)
 
 #if defined(__MACOS__) || defined(riscos)
     if (is_macos_native_path(f)) {
-	if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+	if (rb_safe_level() >= 1 && !fpath_check(f)) {
 	    rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
 	}
 	if (file_load_ok(f)) return path;
@@ -4026,7 +4038,7 @@ rb_find_file(path)
 #endif
 
     if (is_absolute_path(f)) {
-	if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+	if (rb_safe_level() >= 1 && !fpath_check(f)) {
 	    rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
 	}
 	if (file_load_ok(f)) return path;
@@ -4067,7 +4079,7 @@ rb_find_file(path)
 	return 0;		/* no path, no load */
     }
     f = dln_find_file(f, lpath);
-    if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+    if (rb_safe_level() >= 1 && !fpath_check(f)) {
 	rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
     }
     if (file_load_ok(f)) {