From bb544954b2679d4bd86fa6da6da29171e65e017a Mon Sep 17 00:00:00 2001
From: matz
Date: Mon, 10 Mar 2003 15:05:18 +0000
Subject: * file.c (rb_find_file): need world writable directory check for relative paths too. * file.c (rb_find_file): world writable directory check if $SAFE >= 1 (was $SAFE >= 2).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@3571 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 10 ++++++++++
 eval.c | 2 +-
 ext/pty/pty.c | 9 +++++----
 file.c | 13 ++++++++-----
 4 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index def87d00b2..3df4eae87c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+Mon Mar 10 23:19:29 2003 Yukihiro Matsumoto
+
+ * file.c (rb_find_file): need world writable directory check for
+ relative paths too.
+
+Mon Mar 10 11:23:00 2003 Yukihiro Matsumoto
+
+ * file.c (rb_find_file): world writable directory check if
+ $SAFE >= 1 (was $SAFE >= 2).
+
 Mon Mar 10 01:59:47 2003 Minero Aoki
 * lib/net/pop.rb: do not dispatch LIST when a mailbox is empty.
diff --git a/eval.c b/eval.c
index 0a0eb12f02..498182de1d 100644
--- a/eval.c
+++ b/eval.c
@@ -4029,7 +4029,7 @@ massign(self, node, val, pcall)
 len = RARRAY(val)->len;
 list = node->nd_head;
- if (len == 1 && list && (!pcall || list->nd_next || node->nd_args)) {
+ if (len == 1 && list) {
 VALUE v = RARRAY(val)->ptr[0];
 tmp = rb_check_array_type(v);
diff --git a/ext/pty/pty.c b/ext/pty/pty.c
index f1d4f73a18..3189b9ae65 100644
--- a/ext/pty/pty.c
+++ b/ext/pty/pty.c
@@ -411,8 +411,9 @@ pty_getpty(argc, argv, self)
 VALUE *argv;
 VALUE self;
 {
- VALUE res, th;
- struct pty_info info, thinfo;
+ VALUE res;
+ struct pty_info info;
+ struct pty_info thinfo;
 OpenFile *wfptr,*rfptr;
 VALUE rport = rb_obj_alloc(rb_cFile);
 VALUE wport = rb_obj_alloc(rb_cFile);
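Review bot: In eval.c, massign() now enters the single-element branch whenever `len == 1 && list`, so `pcall`, `list->nd_next` and `node->nd_args` no longer gate it, yet neither the commit subject nor the added ChangeLog entries mention eval.c. This changes when `RARRAY(val)->ptr[0]` is handed to `rb_check_array_type()`, which is presumably observable from Ruby code doing multiple assignment, so it deserves its own ChangeLog line and a comment at the condition, for example `/* one value: always try array conversion of the lone element, independent of pcall */`. The rest of massign() lies outside the hunk, so whether `pcall` is still used elsewhere in the function cannot be confirmed from here.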
@@ -435,11 +436,11 @@ pty_getpty(argc, argv, self)
 rb_ary_store(res,1,(VALUE)wport);
 rb_ary_store(res,2,INT2FIX(info.child_pid));
- th = rb_thread_create(pty_syswait, (void*)&info);
- thinfo.thread = th;
+ thinfo.thread = rb_thread_create(pty_syswait, (void*)&info);
 thinfo.child_pid = info.child_pid;
 if (rb_block_given_p()) {
+ rb_ensure(rb_yield, res, pty_finalize_syswait, (VALUE)&thinfo);
 return Qnil;
 }
diff --git a/file.c b/file.c
index 407a76d8ac..b5747113c8 100644
--- a/file.c
+++ b/file.c
@@ -2731,15 +2731,15 @@ rb_find_file(path)
 if (f[0] == '~') {
 path = rb_file_expand_path(path, Qnil);
- if (rb_safe_level() >= 2 && OBJ_TAINTED(path)) {
- rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
+ if (rb_safe_level() >= 1 && OBJ_TAINTED(path)) {
+ rb_raise(rb_eSecurityError, "loading from unsafe path %s", f);
 }
 f = StringValuePtr(path);
 }
 #if defined(__MACOS__) || defined(riscos)
 if (is_macos_native_path(f)) {
- if (rb_safe_level() >= 2 && !rb_path_check(f)) {
+ if (rb_safe_level() >= 1 && !rb_path_check(f)) {
 rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
 }
 if (file_load_ok(f)) return path;
@@ -2747,7 +2747,7 @@ rb_find_file(path)
 #endif
 if (is_absolute_path(f)) {
- if (rb_safe_level() >= 2 && !rb_path_check(f)) {
+ if (rb_safe_level() >= 1 && !rb_path_check(f)) {
 rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
 }
 if (file_load_ok(f)) return path;
@@ -2775,7 +2775,7 @@ rb_find_file(path)
 }
 else {
 lpath = RSTRING(tmp)->ptr;
- if (rb_safe_level() >= 2 && !rb_path_check(lpath)) {
+ if (rb_safe_level() >= 1 && !rb_path_check(lpath)) {
 rb_raise(rb_eSecurityError, "loading from unsafe path %s", lpath);
 }
 }
@@ -2788,6 +2788,9 @@ rb_find_file(path)
 return 0; /* no path, no load */
 }
 f = dln_find_file(f, lpath);
+ if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+ rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
+ }
 if (file_load_ok(f)) {
 return rb_str_new2(f);
 }
-- cgit v1.2.3
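Review bot: In ext/pty/pty.c (hunk at -435), `rb_thread_create(pty_syswait, (void*)&info)` hands the new thread the address of `info`, which the first pty.c hunk shows to be an automatic variable of pty_getpty(). If pty_syswait still dereferences that pointer after pty_getpty() has returned, it reads a dead stack frame; pty_syswait and the non-block return path are outside the hunk, so this needs confirming rather than assuming. If the lifetime is relied on, say so at the call, e.g. `/* info must stay valid for as long as pty_syswait runs */`, or give the thread its own copy of the struct.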
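Review bot: In file.c, the `rb_safe_level() >= 1` threshold is now spelled out in five separate checks inside rb_find_file(): the `~` branch and the MACOS branch in the hunk at -2731, the absolute-path branch at -2747, the load-path branch at -2775 and the new relative-path check at -2788. The commit subject itself says the relative-path case had been missed, which is exactly how per-branch copies fail: a later change to the level or to the check can skip one branch and leave a load path unvalidated. Consider one file-local predicate for the four rb_path_check() sites, for instance `#define UNSAFE_LOAD_PATH(p) (rb_safe_level() >= 1 && !rb_path_check(p))`. The messages could be aligned at the same time, since only the `~` branch is changed to "unsafe path" while the neighbouring checks on `f` still say "unsafe file".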
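Review bot: In the last file.c hunk (-2788), the result of `dln_find_file(f, lpath)` reaches `rb_path_check(f)` and the `%s` of `rb_raise()` before `file_load_ok(f)` has tested it. The existing code treats a failing `file_load_ok(f)` as an ordinary outcome, which suggests `f` may be NULL when nothing is found; rb_path_check() is not shown here, so either confirm that it accepts NULL or guard the new check with `if (f && rb_safe_level() >= 1 && !rb_path_check(f)) {`. rb_find_file() continues beyond the hunk.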