Author: mvidner Date: Fri Nov 9 13:36:39 2007 New Revision: 41918 URL: http://svn.opensuse.org/viewcvs/yast?rev=41918&view=rev Log: Do not look for YCP scripts under the current working directory, unless explicitly requested (#330965). Modified: trunk/core/VERSION trunk/core/libycp/src/pathsearch.cc trunk/core/package/yast2-core.changes trunk/core/wfm/src/Y2CCWFM.cc
Modified: trunk/core/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/VERSION?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/VERSION (original)
+++ trunk/core/VERSION Fri Nov 9 13:36:39 2007
@@ -1 +1 @@
-2.16.1
+2.16.2
Modified: trunk/core/libycp/src/pathsearch.cc
URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/libycp/src/pathsearch.cc?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/libycp/src/pathsearch.cc (original)
+++ trunk/core/libycp/src/pathsearch.cc Fri Nov 9 13:36:39 2007
@@ -71,16 +71,25 @@ for (int i = 0; i < NUM_LEVELS; i++) { - if (home - && strcmp (paths[i], "HOME") == 0) + // #330965, avoid publicly writable dirs in search path + // (we return a nonexistent dir because the API does not + // allow us to say Skip, and a cleanup patch to fix that + // would be too large) + static const char * not_there = YAST2DIR "/not-there"; + if (strcmp (paths[i], "HOME") == 0) { + if (home) my_paths[i] = string (home) + "/.yast2"; + else + my_paths[i] = string (not_there); } - else if (y2dir - && (strcmp (paths[i], "Y2DIR") == 0) - && (strcmp (YAST2DIR, y2dir) != 0)) // prevent path duplication + else if (strcmp (paths[i], "Y2DIR") == 0) { + if (y2dir + && (strcmp (YAST2DIR, y2dir) != 0)) // prevent path duplication my_paths[i] = string (y2dir); + else + my_paths[i] = string (not_there); } else {
Modified: trunk/core/package/yast2-core.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/package/yast2-core.changes?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/package/yast2-core.changes (original)
+++ trunk/core/package/yast2-core.changes Fri Nov 9 13:36:39 2007
@@ -1,4 +1,11 @@
 -------------------------------------------------------------------
+Fri Nov 2 14:03:37 CET 2007 - mvidner@suse.cz
+
+- Do not look for YCP scripts under the current working
+ directory, unless explicitly requested (#330965).
+- 2.16.2
+
+-------------------------------------------------------------------
 Thu Oct 4 15:03:52 CEST 2007 - mvidner@suse.cz
 - Distinguish "foo.ycp contains an error" from "foo.ycp not found"
Modified: trunk/core/wfm/src/Y2CCWFM.cc
URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/wfm/src/Y2CCWFM.cc?rev=41918&r1=41917&r2=41918&view=diff
==============================================================================
--- trunk/core/wfm/src/Y2CCWFM.cc (original)
+++ trunk/core/wfm/src/Y2CCWFM.cc Fri Nov 9 13:36:39 2007
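Review bot: In the pathsearch.cc hunk the new `if (home)` and `if (y2dir && ...)` tests reject only a NULL pointer, so an empty `HOME` or `Y2DIR` still puts `/.yast2` or an empty string into `my_paths` instead of the `not_there` placeholder. `home` and `y2dir` are set outside the hunk (presumably from the environment), and how a later lookup joins an empty entry with a file name is not visible here, so whether that can end up relative to the working directory needs confirming. Treating empty as unset closes the question: `if (home && *home)` and `if (y2dir && *y2dir && (strcmp (YAST2DIR, y2dir) != 0))`. The placeholder itself is only safe while nothing ever creates `YAST2DIR "/not-there"`, which the comment could say explicitly. The loop body continues past the end of the hunk.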
@@ -89,7 +89,11 @@ { // not found "clients/<name>.ycp" // try plain name + // only if the name contains a slash, #330965#c10 + if (!strchr (name, '/')) + return 0; + // we have to keep completeFilename because it also does :: translation :( fullname = Y2PathSearch::completeFilename (string (name)); if (fullname.empty()) return 0;
@@ -98,22 +102,14 @@ if (!file) return 0; // Not found under the direct path either. filename = name; - // 2nd try: examine the file: Is it not executable or does - // the name end in .ycp or does the file begin with #!/bin/y2wfm + // 2nd try: examine the file: does the name end in .ycp bool try_it = false; if (strlen(name) > 4 && !strcmp(name + strlen(name) - 4, ".ycp")) try_it = true; - else { - struct stat buf; - if (0 == stat(name, &buf)) - { - // Try it, if it is not executable - if (S_ISREG(buf.st_mode) && buf.st_mode & S_IXOTH != S_IXOTH) - try_it = true; - } - } + // The stat code that used to be here had a bug + // in operator precedence rendering it useless. let's make it explicit. if (!try_it) return 0; modulename = string(name);
-- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
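Review bot: The new guard `if (!strchr (name, '/')) return 0;` in the first Y2CCWFM.cc hunk refuses a bare name silently, and its comment cites only `#330965#c10`, so the rule is not readable from the source. I would spell it out, e.g. `// a bare name is never resolved against the cwd; write ./name.ycp to request that (#330965#c10)`. A relative name that does contain a slash still reaches `completeFilename`, which matches the "explicitly requested" wording of the log; the comment should say that this is intended. The enclosing function starts and ends outside the hunk.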
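Review bot: In the second Y2CCWFM.cc hunk the `.ycp` suffix test runs only after `file` has been obtained, and `if (!try_it) return 0;` then leaves the function without releasing it. The open call is outside the hunk, so whether `file` needs an explicit close is an assumption to confirm. Either way the test depends on `name` alone and can sit next to the slash check of the previous hunk, before anything on disk is touched. The two `strlen(name)` calls can share one local, `const size_t len = strlen (name);`. The added comment about the removed stat code is history that fits the log message better than the source.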