ruby/ruby-1.8.4-fix-alias-safe-level.patch
Akira TAGOH f0df5e45d5 - security fixes.
- ruby-1.8.4-fix-insecure-dir-operation.patch:
- ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure
    operations in the certain safe-level restrictions. (#199538)
- ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain
    safe-level restrictions. (#199543)
2006-07-20 11:06:45 +00:00

37 lines
1.2 KiB
Diff

diff -ruN ruby-1.8.4.orig/eval.c ruby-1.8.4/eval.c
--- ruby-1.8.4.orig/eval.c 2005-12-20 22:41:47.000000000 +0900
+++ ruby-1.8.4/eval.c 2006-07-20 18:33:50.000000000 +0900
@@ -2097,7 +2097,8 @@
}
}
st_insert(RCLASS(klass)->m_tbl, name,
- (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin), orig->nd_noex));
+ (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin),
+ NOEX_WITH_SAFE(orig->nd_noex)));
if (singleton) {
rb_funcall(singleton, singleton_added, 1, ID2SYM(name));
}
@@ -5638,6 +5639,11 @@
TMP_PROTECT;
volatile int safe = -1;
+ if (NOEX_SAFE(flags) > ruby_safe_level &&
+ !(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
+ rb_raise(rb_eSecurityError, "calling insecure method: %s",
+ rb_id2name(id));
+ }
switch (ruby_iter->iter) {
case ITER_PRE:
case ITER_PAS:
@@ -5742,10 +5748,6 @@
b2 = body = body->nd_next;
if (NOEX_SAFE(flags) > ruby_safe_level) {
- if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
- rb_raise(rb_eSecurityError, "calling insecure method: %s",
- rb_id2name(id));
- }
safe = ruby_safe_level;
ruby_safe_level = NOEX_SAFE(flags);
}