exec: prevent a command in a current dirctory from being executed
A command in a current directory should be executed only if $PATH contains the directory such as '.'. This will improve the compatibility with Unix shell script and the security. modified: exec.c
This commit is contained in:
parent
eb43e28996
commit
1b4d572b77
9
exec.c
9
exec.c
|
@ -1332,6 +1332,15 @@ search_path(const char *name, const char *lpath,
|
||||||
sp = p;
|
sp = p;
|
||||||
XcheckN(xs, xp, namelen);
|
XcheckN(xs, xp, namelen);
|
||||||
memcpy(xp, name, namelen);
|
memcpy(xp, name, namelen);
|
||||||
|
#ifdef __OS2__
|
||||||
|
/*
|
||||||
|
* Skip path without a directory part to prevent from searching the
|
||||||
|
* current directory. For example, PATH=;...;;...;
|
||||||
|
*/
|
||||||
|
if (!mksh_vdirsep(Xstring(xs, xp)))
|
||||||
|
/* nothing */;
|
||||||
|
else
|
||||||
|
#endif
|
||||||
if ((ev = search_access(Xstring(xs, xp), mode)) == 0) {
|
if ((ev = search_access(Xstring(xs, xp), mode)) == 0) {
|
||||||
name = Xclose(xs, xp + namelen);
|
name = Xclose(xs, xp + namelen);
|
||||||
goto search_path_ok;
|
goto search_path_ok;
|
||||||
|
|
Loading…
Reference in New Issue