* file.c (rb_find_file): need world writable directory check for

relative paths too.

* file.c (rb_find_file): world writable directory check if
  $SAFE >= 1 (was $SAFE >= 2).


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@3571 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,13 @@
+Mon Mar 10 23:19:29 2003  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* file.c (rb_find_file): need world writable directory check for
+	  relative paths too.
+
+Mon Mar 10 11:23:00 2003  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* file.c (rb_find_file): world writable directory check if
+	  $SAFE >= 1 (was $SAFE >= 2).
+
 Mon Mar 10 01:59:47 2003  Minero Aoki  <aamine@loveruby.net>
 
 	* lib/net/pop.rb: do not dispatch LIST when a mailbox is empty.

eval.c

@@ -4029,7 +4029,7 @@ massign(self, node, val, pcall)
 
     len = RARRAY(val)->len;
     list = node->nd_head;
-    if (len == 1 && list && (!pcall || list->nd_next || node->nd_args)) {
+    if (len == 1 && list) {
 	VALUE v = RARRAY(val)->ptr[0];
 	tmp = rb_check_array_type(v);
 

ext/pty/pty.c

@@ -411,8 +411,9 @@ pty_getpty(argc, argv, self)
     VALUE *argv;
     VALUE self;
 {
-    VALUE res, th;
+    VALUE res;
-    struct pty_info info, thinfo;
+    struct pty_info info;
+    struct pty_info thinfo;
     OpenFile *wfptr,*rfptr;
     VALUE rport = rb_obj_alloc(rb_cFile);
     VALUE wport = rb_obj_alloc(rb_cFile);
@@ -435,11 +436,11 @@ pty_getpty(argc, argv, self)
     rb_ary_store(res,1,(VALUE)wport);
     rb_ary_store(res,2,INT2FIX(info.child_pid));
 
-    th = rb_thread_create(pty_syswait, (void*)&info);
+    thinfo.thread = rb_thread_create(pty_syswait, (void*)&info);
-    thinfo.thread = th;
     thinfo.child_pid = info.child_pid;
 
     if (rb_block_given_p()) {
+
 	rb_ensure(rb_yield, res, pty_finalize_syswait, (VALUE)&thinfo);
 	return Qnil;
     }

file.c

@@ -2731,15 +2731,15 @@ rb_find_file(path)
 
     if (f[0] == '~') {
 	path = rb_file_expand_path(path, Qnil);
-	if (rb_safe_level() >= 2 && OBJ_TAINTED(path)) {
+	if (rb_safe_level() >= 1 && OBJ_TAINTED(path)) {
-	    rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
+	    rb_raise(rb_eSecurityError, "loading from unsafe path %s", f);
 	}
 	f = StringValuePtr(path);
     }
 
 #if defined(__MACOS__) || defined(riscos)
     if (is_macos_native_path(f)) {
-	if (rb_safe_level() >= 2 && !rb_path_check(f)) {
+	if (rb_safe_level() >= 1 && !rb_path_check(f)) {
 	    rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
 	}
 	if (file_load_ok(f)) return path;
@@ -2747,7 +2747,7 @@ rb_find_file(path)
 #endif
 
     if (is_absolute_path(f)) {
-	if (rb_safe_level() >= 2 && !rb_path_check(f)) {
+	if (rb_safe_level() >= 1 && !rb_path_check(f)) {
 	    rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
 	}
 	if (file_load_ok(f)) return path;
@@ -2775,7 +2775,7 @@ rb_find_file(path)
 	}
 	else {
 	    lpath = RSTRING(tmp)->ptr;
-	    if (rb_safe_level() >= 2 && !rb_path_check(lpath)) {
+	    if (rb_safe_level() >= 1 && !rb_path_check(lpath)) {
 		rb_raise(rb_eSecurityError, "loading from unsafe path %s", lpath);
 	    }
 	}
@@ -2788,6 +2788,9 @@ rb_find_file(path)
 	return 0;		/* no path, no load */
     }
     f = dln_find_file(f, lpath);
+    if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+	rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
+    }
     if (file_load_ok(f)) {
 	return rb_str_new2(f);
     }