-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | file.c | 9 | ||||
-rw-r--r-- | marshal.c | 11 | ||||
-rw-r--r-- | process.c | 3 |
4 files changed, 21 insertions, 11 deletions
@@ -1,3 +1,12 @@
+Tue Feb 19 14:45:32 2002 Yukihiro Matsumoto <matz@ruby-lang.org>
+
+ * file.c (path_check_1): should check directory sticky bits.
+
+ * process.c (security): need not to warn twice.
+
+ * marshal.c (r_object): complete restoration before calling
+ r_regist().
+
 Tue Feb 19 14:24:36 2002 Yukihiro Matsumoto <matz@ruby-lang.org>
 * parse.y (yylex): operators in the "op" rule should make
@@ -2304,7 +2304,14 @@ path_check_1(path)
 return path_check_1(newpath);
 }
 for (;;) {
- if (stat(p0, &st) == 0 && (st.st_mode & 002)) {
+#ifndef S_IWOTH
+# define S_IWOTH 002
+#endif
+ if (stat(p0, &st) == 0 && S_ISDIR(st->st_mode) && (st.st_mode & S_IWOTH)
+#ifdef S_ISVTX
+ && !(st.st_mode & S_ISVTX)
+#endif
+ ) {
 if (p) *p = '/';
 rb_warn("Unsecure world writeable dir %s , mode 0%o", p0, st.st_mode);
 return 0;
@@ -927,11 +927,10 @@ r_object(arg)
 volatile long len = r_long(arg); /* gcc 2.7.2.3 -O2 bug?? */
 v = rb_ary_new2(len);
- r_regist(v, arg);
 while (len--) {
 rb_ary_push(v, r_object(arg));
 }
- return v;
+ return r_regist(v, arg);;
 }
 case TYPE_HASH:
@@ -940,7 +939,6 @@ r_object(arg)
 long len = r_long(arg);
 v = rb_hash_new();
- r_regist(v, arg);
 while (len--) {
 VALUE key = r_object(arg);
 VALUE value = r_object(arg);
@@ -949,7 +947,7 @@ r_object(arg)
 if (type == TYPE_HASH_DEF) {
 RHASH(v)->ifnone = r_object(arg);
 }
- return v;
+ return r_regist(v, arg);
 }
 case TYPE_STRUCT:
@@ -971,7 +969,6 @@ r_object(arg)
 rb_ary_push(values, Qnil);
 }
 v = rb_struct_alloc(klass, values);
- r_regist(v, arg);
 for (i=0; i<len; i++) {
 slot = r_symbol(arg);
@@ -983,6 +980,7 @@ r_object(arg)
 }
 rb_struct_aset(v, INT2FIX(i), r_object(arg));
 }
+ r_regist(v, arg);
 return v;
 }
 break;
@@ -1010,9 +1008,8 @@ r_object(arg)
 if (TYPE(v) != T_OBJECT) {
 rb_raise(rb_eArgError, "dump format error");
 }
- r_regist(v, arg);
 r_ivar(v, arg);
- return v;
+ return r_regist(v, arg);
 }
 break;
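Review bot: In the new condition of the path_check_1 hunk, `S_ISDIR(st->st_mode)` applies `->` to `st`, which the same expression treats as a struct (`stat(p0, &st)`, `st.st_mode`), so the line should not compile as written; it should read `S_ISDIR(st.st_mode)`. Separately, exempting sticky directories is weaker than it looks: the sticky bit restricts deleting or renaming other users' entries, but any user can still create new files there, so a world-writable sticky directory in PATH arguably stays insecure and the exemption deserves a comment stating the trust assumption. The `#ifndef S_IWOTH` fallback would also read better at file scope than inside the `for (;;)` body. path_check_1 starts and ends outside the hunk.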
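Review bot: Moving `r_regist(v, arg)` after the element loop in the TYPE_ARRAY hunk (and likewise in the TYPE_HASH, TYPE_STRUCT and object hunks) means a container is not yet registered while its children are being read. r_regist is not visible here, but if it assigns link indices in call order, nested objects would now be numbered before their parent, which may no longer match a dumper that numbers the parent first, and a self-referencing structure could not resolve a link back to the still-unregistered container; a round-trip test with a nested and a self-referencing array would confirm or rule this out. Smaller points: `return r_regist(v, arg);;` carries a stray semicolon, and the TYPE_STRUCT hunk keeps `r_regist(v, arg); return v;` while the others return the call's result, so one form should be used throughout. r_object starts and ends outside these hunks.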
@@ -431,9 +431,6 @@ security(str)
 if (rb_safe_level() > 0) {
 rb_raise(rb_eSecurityError, "Insecure PATH - %s", str);
 }
- else {
- rb_warn("Insecure PATH - %s", str);
- }
 }
 }
|