* file.c (rb_find_file): need world writable directory check for

  relative paths too.

* file.c (rb_find_file): world writable directory check if
  $SAFE >= 1 (was $SAFE >= 2).


git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@3571 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 8 insertions, 5 deletions

diff --git a/file.c b/file.c
index 407a76d8a..b5747113c 100644
--- a/file.c
+++ b/file.c
@@ -2731,15 +2731,15 @@ rb_find_file(path)
 
     if (f[0] == '~') {
 	path = rb_file_expand_path(path, Qnil);
-	if (rb_safe_level() >= 2 && OBJ_TAINTED(path)) {
-	    rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
+	if (rb_safe_level() >= 1 && OBJ_TAINTED(path)) {
+	    rb_raise(rb_eSecurityError, "loading from unsafe path %s", f);
 	}
 	f = StringValuePtr(path);
     }
 
 #if defined(__MACOS__) || defined(riscos)
     if (is_macos_native_path(f)) {
-	if (rb_safe_level() >= 2 && !rb_path_check(f)) {
+	if (rb_safe_level() >= 1 && !rb_path_check(f)) {
 	    rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
 	}
 	if (file_load_ok(f)) return path;
@@ -2747,7 +2747,7 @@ rb_find_file(path)
 #endif
 
     if (is_absolute_path(f)) {
-	if (rb_safe_level() >= 2 && !rb_path_check(f)) {
+	if (rb_safe_level() >= 1 && !rb_path_check(f)) {
 	    rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
 	}
 	if (file_load_ok(f)) return path;
@@ -2775,7 +2775,7 @@ rb_find_file(path)
 	}
 	else {
 	    lpath = RSTRING(tmp)->ptr;
-	    if (rb_safe_level() >= 2 && !rb_path_check(lpath)) {
+	    if (rb_safe_level() >= 1 && !rb_path_check(lpath)) {
 		rb_raise(rb_eSecurityError, "loading from unsafe path %s", lpath);
 	    }
 	}
@@ -2788,6 +2788,9 @@ rb_find_file(path)
 	return 0;		/* no path, no load */
     }
     f = dln_find_file(f, lpath);
+    if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+	rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
+    }
     if (file_load_ok(f)) {
 	return rb_str_new2(f);
     }