* file.c (path_check_0): disallow sticky world writable directory

in PATH (and $LOAD_PATH). [ruby-dev:27226] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9255 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2025-09-15 16:44:01 +02:00 · 2005-09-20 17:44:57 +00:00 · 2005-09-20 17:44:57 +00:00 · cca26c2226
commit cca26c2226
parent db824a34dd
2 changed files with 26 additions and 9 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Wed Sep 21 02:44:09 2005  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* file.c (path_check_0): disallow sticky world writable directory
+	  in PATH (and $LOAD_PATH).  [ruby-dev:27226]
+
 Tue Sep 20 22:29:49 2005  NAKAMURA, Hiroshi  <nakahiro@sarion.co.jp>

 	* test/wsdl/simpletype/rpc/test_rpc.rb, test/wsdl/ref/test_ref.rb,
--- a/file.c
+++ b/file.c
@ -3850,11 +3850,12 @@ is_absolute_path(path)

 #ifndef DOSISH
 static int
-path_check_1(path)
-     VALUE path;
+path_check_0(fpath, loadpath)
+     VALUE fpath;
+     int loadpath;
 {
    struct stat st;
-    char *p0 = StringValueCStr(path);
+    char *p0 = StringValueCStr(fpath);
    char *p = 0, *s;

    if (!is_absolute_path(p0)) {
@ -3866,7 +3867,7 @@ path_check_1(path)

 	rb_str_cat2(newpath, "/");
 	rb_str_cat2(newpath, p0);
-	return path_check_1(newpath);
+	return path_check_0(newpath, loadpath);
    }
    for (;;) {
 #ifndef S_IWOTH
@ -3874,7 +3875,7 @@ path_check_1(path)
 #endif
 	if (stat(p0, &st) == 0 && S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH)
 #ifdef S_ISVTX
-	    && !(st.st_mode & S_ISVTX)
+	    && (loadpath || !(st.st_mode & S_ISVTX))
 #endif
 	    ) {
 	    rb_warn("Insecure world writable dir %s, mode 0%o", p0, st.st_mode);
@ -3890,6 +3891,17 @@ path_check_1(path)
 }
 #endif

+static int
+fpath_check(path)
+    char *path;
+{
+#ifndef DOSISH
+    return path_check_0(path, Qfalse);
+#else
+    return 1;
+#endif
+}
+
 int
 rb_path_check(path)
    char *path;
@ -3906,7 +3918,7 @@ rb_path_check(path)
    if (!p) p = pend;

    for (;;) {
-	if (!path_check_1(rb_str_new(p0, p - p0))) {
+	if (!path_check_0(rb_str_new(p0, p - p0), Qtrue)) {
 	    return 0;		/* not safe */
 	}
 	p0 = p + 1;
@ -4018,7 +4030,7 @@ rb_find_file(path)

 #if defined(__MACOS__) || defined(riscos)
    if (is_macos_native_path(f)) {
-	if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+	if (rb_safe_level() >= 1 && !fpath_check(f)) {
 	    rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
 	}
 	if (file_load_ok(f)) return path;
@ -4026,7 +4038,7 @@ rb_find_file(path)
 #endif

    if (is_absolute_path(f)) {
-	if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+	if (rb_safe_level() >= 1 && !fpath_check(f)) {
 	    rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
 	}
 	if (file_load_ok(f)) return path;
@ -4067,7 +4079,7 @@ rb_find_file(path)
 	return 0;		/* no path, no load */
    }
    f = dln_find_file(f, lpath);
-    if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+    if (rb_safe_level() >= 1 && !fpath_check(f)) {
 	rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
    }
    if (file_load_ok(f)) {