* file.c (path_check_1): should check directory sticky bits.

* process.c (security): need not to warn twice. * marshal.c (r_object): complete restoration before calling r_regist(). git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@2092 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2002-02-19 06:43:58 +00:00 · 2002-02-19 06:43:58 +00:00 · e60deb1555
commit e60deb1555
parent 87bf8b1dc3
4 changed files with 21 additions and 11 deletions
--- a/9
+++ b/9
@ -1,3 +1,12 @@
+Tue Feb 19 14:45:32 2002  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* file.c (path_check_1): should check directory sticky bits.
+
+	* process.c (security): need not to warn twice.
+
+	* marshal.c (r_object): complete restoration before calling
+	  r_regist(). 
+
 Tue Feb 19 14:24:36 2002  Yukihiro Matsumoto  <matz@ruby-lang.org>

 	* parse.y (yylex): operators in the "op" rule should make
--- a/file.c
+++ b/file.c
@ -2304,7 +2304,14 @@ path_check_1(path)
 	return path_check_1(newpath);
    }
    for (;;) {
-	if (stat(p0, &st) == 0 && (st.st_mode & 002)) {
+#ifndef S_IWOTH
+# define S_IWOTH 002
+#endif
+	if (stat(p0, &st) == 0 && S_ISDIR(st->st_mode) && (st.st_mode & S_IWOTH)
+#ifdef S_ISVTX
+	    && !(st.st_mode & S_ISVTX)
+#endif
+	    ) {
 	    if (p) *p = '/';
 	    rb_warn("Unsecure world writeable dir %s , mode 0%o", p0, st.st_mode);
 	    return 0;
--- a/marshal.c
+++ b/marshal.c
@ -927,11 +927,10 @@ r_object(arg)
 	    volatile long len = r_long(arg); /* gcc 2.7.2.3 -O2 bug?? */

 	    v = rb_ary_new2(len);
-	    r_regist(v, arg);
 	    while (len--) {
 		rb_ary_push(v, r_object(arg));
 	    }
-	    return v;
+	    return r_regist(v, arg);;
 	}

      case TYPE_HASH:
@ -940,7 +939,6 @@ r_object(arg)
 	    long len = r_long(arg);

 	    v = rb_hash_new();
-	    r_regist(v, arg);
 	    while (len--) {
 		VALUE key = r_object(arg);
 		VALUE value = r_object(arg);
@ -949,7 +947,7 @@ r_object(arg)
 	    if (type == TYPE_HASH_DEF) {
 		RHASH(v)->ifnone = r_object(arg);
 	    }
-	    return v;
+	    return r_regist(v, arg);
 	}

      case TYPE_STRUCT:
@ -971,7 +969,6 @@ r_object(arg)
 		rb_ary_push(values, Qnil);
 	    }
 	    v = rb_struct_alloc(klass, values);
-	    r_regist(v, arg);
 	    for (i=0; i<len; i++) {
 		slot = r_symbol(arg);

@ -983,6 +980,7 @@ r_object(arg)
 		}
 		rb_struct_aset(v, INT2FIX(i), r_object(arg));
 	    }
+	    r_regist(v, arg);
 	    return v;
 	}
 	break;
@ -1010,9 +1008,8 @@ r_object(arg)
 	    if (TYPE(v) != T_OBJECT) {
 		rb_raise(rb_eArgError, "dump format error");
 	    }
-	    r_regist(v, arg);
 	    r_ivar(v, arg);
-	    return v;
+	    return r_regist(v, arg);
 	}
 	break;

--- a/process.c
+++ b/process.c
@ -431,9 +431,6 @@ security(str)
 	if (rb_safe_level() > 0) {
 	    rb_raise(rb_eSecurityError, "Insecure PATH - %s", str);
 	}
-	else {
-	    rb_warn("Insecure PATH - %s", str);
-	}
    }
 }