Mailinglist Archive: yast-commit (864 mails)
| < Previous | Next > |
[yast-commit] r41918 - in /trunk/core: VERSION libycp/src/pathsearch.cc package/yast2-core.changes wfm/src/Y2CCWFM.cc
- From: mvidner@xxxxxxxxxxxxxxxx
- Date: Fri, 09 Nov 2007 12:36:40 -0000
- Message-id: <20071109123640.47B2329855@xxxxxxxxxxxxxxxx>
Author: mvidner
Date: Fri Nov 9 13:36:39 2007
New Revision: 41918
URL: http://svn.opensuse.org/viewcvs/yast?rev=41918&view=rev
Log:
Do not look for YCP scripts under the current working
directory, unless explicitly requested (#330965).
Modified:
trunk/core/VERSION
trunk/core/libycp/src/pathsearch.cc
trunk/core/package/yast2-core.changes
trunk/core/wfm/src/Y2CCWFM.cc
Modified: trunk/core/VERSION
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/core/VERSION?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/VERSION (original)
+++ trunk/core/VERSION Fri Nov 9 13:36:39 2007
@@ -1 +1 @@
-2.16.1
+2.16.2
Modified: trunk/core/libycp/src/pathsearch.cc
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/core/libycp/src/pathsearch.cc?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/libycp/src/pathsearch.cc (original)
+++ trunk/core/libycp/src/pathsearch.cc Fri Nov 9 13:36:39 2007
@@ -71,16 +71,25 @@
for (int i = 0; i < NUM_LEVELS; i++)
{
- if (home
- && strcmp (paths[i], "HOME") == 0)
+ // #330965, avoid publicly writable dirs in search path
+ // (we return a nonexistent dir because the API does not
+ // allow us to say Skip, and a cleanup patch to fix that
+ // would be too large)
+ static const char * not_there = YAST2DIR "/not-there";
+ if (strcmp (paths[i], "HOME") == 0)
{
+ if (home)
my_paths[i] = string (home) + "/.yast2";
+ else
+ my_paths[i] = string (not_there);
}
- else if (y2dir
- && (strcmp (paths[i], "Y2DIR") == 0)
- && (strcmp (YAST2DIR, y2dir) != 0)) //
prevent path duplication
+ else if (strcmp (paths[i], "Y2DIR") == 0)
{
+ if (y2dir
+ && (strcmp (YAST2DIR, y2dir) != 0)) //
prevent path duplication
my_paths[i] = string (y2dir);
+ else
+ my_paths[i] = string (not_there);
}
else
{
Modified: trunk/core/package/yast2-core.changes
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/core/package/yast2-core.changes?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/package/yast2-core.changes (original)
+++ trunk/core/package/yast2-core.changes Fri Nov 9 13:36:39 2007
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Fri Nov 2 14:03:37 CET 2007 - mvidner@xxxxxxx
+
+- Do not look for YCP scripts under the current working
+ directory, unless explicitly requested (#330965).
+- 2.16.2
+
+-------------------------------------------------------------------
Thu Oct 4 15:03:52 CEST 2007 - mvidner@xxxxxxx
- Distinguish "foo.ycp contains an error" from "foo.ycp not found"
Modified: trunk/core/wfm/src/Y2CCWFM.cc
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/core/wfm/src/Y2CCWFM.cc?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/wfm/src/Y2CCWFM.cc (original)
+++ trunk/core/wfm/src/Y2CCWFM.cc Fri Nov 9 13:36:39 2007
@@ -89,7 +89,11 @@
{
// not found "clients/<name>.ycp"
// try plain name
+ // only if the name contains a slash, #330965#c10
+ if (!strchr (name, '/'))
+ return 0;
+ // we have to keep completeFilename because it also does :: translation
:(
fullname = Y2PathSearch::completeFilename (string (name));
if (fullname.empty())
return 0;
@@ -98,22 +102,14 @@
if (!file) return 0; // Not found under the direct path either.
filename = name;
- // 2nd try: examine the file: Is it not executable or does
- // the name end in .ycp or does the file begin with #!/bin/y2wfm
+ // 2nd try: examine the file: does the name end in .ycp
bool try_it = false;
if (strlen(name) > 4 && !strcmp(name + strlen(name) - 4, ".ycp"))
try_it = true;
- else {
- struct stat buf;
- if (0 == stat(name, &buf))
- {
- // Try it, if it is not executable
- if (S_ISREG(buf.st_mode) && buf.st_mode & S_IXOTH != S_IXOTH)
- try_it = true;
- }
- }
+ // The stat code that used to be here had a bug
+ // in operator precedence rendering it useless. let's make it explicit.
if (!try_it) return 0;
modulename = string(name);
--
To unsubscribe, e-mail: yast-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-commit+help@xxxxxxxxxxxx
Date: Fri Nov 9 13:36:39 2007
New Revision: 41918
URL: http://svn.opensuse.org/viewcvs/yast?rev=41918&view=rev
Log:
Do not look for YCP scripts under the current working
directory, unless explicitly requested (#330965).
Modified:
trunk/core/VERSION
trunk/core/libycp/src/pathsearch.cc
trunk/core/package/yast2-core.changes
trunk/core/wfm/src/Y2CCWFM.cc
Modified: trunk/core/VERSION
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/core/VERSION?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/VERSION (original)
+++ trunk/core/VERSION Fri Nov 9 13:36:39 2007
@@ -1 +1 @@
-2.16.1
+2.16.2
Modified: trunk/core/libycp/src/pathsearch.cc
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/core/libycp/src/pathsearch.cc?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/libycp/src/pathsearch.cc (original)
+++ trunk/core/libycp/src/pathsearch.cc Fri Nov 9 13:36:39 2007
@@ -71,16 +71,25 @@
for (int i = 0; i < NUM_LEVELS; i++)
{
- if (home
- && strcmp (paths[i], "HOME") == 0)
+ // #330965, avoid publicly writable dirs in search path
+ // (we return a nonexistent dir because the API does not
+ // allow us to say Skip, and a cleanup patch to fix that
+ // would be too large)
+ static const char * not_there = YAST2DIR "/not-there";
+ if (strcmp (paths[i], "HOME") == 0)
{
+ if (home)
my_paths[i] = string (home) + "/.yast2";
+ else
+ my_paths[i] = string (not_there);
}
- else if (y2dir
- && (strcmp (paths[i], "Y2DIR") == 0)
- && (strcmp (YAST2DIR, y2dir) != 0)) //
prevent path duplication
+ else if (strcmp (paths[i], "Y2DIR") == 0)
{
+ if (y2dir
+ && (strcmp (YAST2DIR, y2dir) != 0)) //
prevent path duplication
my_paths[i] = string (y2dir);
+ else
+ my_paths[i] = string (not_there);
}
else
{
Modified: trunk/core/package/yast2-core.changes
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/core/package/yast2-core.changes?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/package/yast2-core.changes (original)
+++ trunk/core/package/yast2-core.changes Fri Nov 9 13:36:39 2007
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Fri Nov 2 14:03:37 CET 2007 - mvidner@xxxxxxx
+
+- Do not look for YCP scripts under the current working
+ directory, unless explicitly requested (#330965).
+- 2.16.2
+
+-------------------------------------------------------------------
Thu Oct 4 15:03:52 CEST 2007 - mvidner@xxxxxxx
- Distinguish "foo.ycp contains an error" from "foo.ycp not found"
Modified: trunk/core/wfm/src/Y2CCWFM.cc
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/core/wfm/src/Y2CCWFM.cc?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/wfm/src/Y2CCWFM.cc (original)
+++ trunk/core/wfm/src/Y2CCWFM.cc Fri Nov 9 13:36:39 2007
@@ -89,7 +89,11 @@
{
// not found "clients/<name>.ycp"
// try plain name
+ // only if the name contains a slash, #330965#c10
+ if (!strchr (name, '/'))
+ return 0;
+ // we have to keep completeFilename because it also does :: translation
:(
fullname = Y2PathSearch::completeFilename (string (name));
if (fullname.empty())
return 0;
@@ -98,22 +102,14 @@
if (!file) return 0; // Not found under the direct path either.
filename = name;
- // 2nd try: examine the file: Is it not executable or does
- // the name end in .ycp or does the file begin with #!/bin/y2wfm
+ // 2nd try: examine the file: does the name end in .ycp
bool try_it = false;
if (strlen(name) > 4 && !strcmp(name + strlen(name) - 4, ".ycp"))
try_it = true;
- else {
- struct stat buf;
- if (0 == stat(name, &buf))
- {
- // Try it, if it is not executable
- if (S_ISREG(buf.st_mode) && buf.st_mode & S_IXOTH != S_IXOTH)
- try_it = true;
- }
- }
+ // The stat code that used to be here had a bug
+ // in operator precedence rendering it useless. let's make it explicit.
if (!try_it) return 0;
modulename = string(name);
--
To unsubscribe, e-mail: yast-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-commit+help@xxxxxxxxxxxx
| < Previous | Next > |