diff options
| author | Kaz Kylheku <kaz@kylheku.com> | 2015-09-18 06:11:46 -0700 |
|---|---|---|
| committer | Kaz Kylheku <kaz@kylheku.com> | 2015-09-18 06:11:46 -0700 |
| commit | 379e712cb49f3e249bd5c50e41ec02bc40411816 (patch) | |
| tree | 65cea5fdf50f07d3ceeaa81706b7ed8c8107515e /parser.c | |
| parent | b88fe485cef6ac08b621b193e69556d65704398c (diff) | |
| download | txr-379e712cb49f3e249bd5c50e41ec02bc40411816.tar.gz txr-379e712cb49f3e249bd5c50e41ec02bc40411816.tar.bz2 txr-379e712cb49f3e249bd5c50e41ec02bc40411816.zip | |
Improved ~/.txr_profile checks, with security.
* parser.c (load_rcfile): Use path-exists-p for the existence
check. Since that doesn't throw, it's outside of the
catch section. Use path-private-to-me-p to impose a security
check on the profile file. If an error exception is caught,
show the details.
* txr.1: Added notes about security check.
Diffstat (limited to 'parser.c')
| -rw-r--r-- | parser.c | 21 |
1 files changed, 15 insertions, 6 deletions
@@ -375,12 +375,21 @@ static void load_rcfile(val name) val resolved_name; val lisp_p = t; val stream = nil; - val stat = nil; val catch_syms = cons(error_s, nil); + val path_private_to_me_p = intern(lit("path-private-to-me-p"), user_package); + val path_exists_p = intern(lit("path-exists-p"), user_package); - uw_catch_begin (catch_syms, sy, va); + if (!funcall1(path_exists_p, name)) + return; + + if (!funcall1(path_private_to_me_p, name)) { + format(std_output, + lit("** possible security problem: ~a is writable to others\n"), + name, nao); + return; + } - stat = statp(name); + uw_catch_begin (catch_syms, sy, va); open_txr_file(name, &lisp_p, &resolved_name, &stream); @@ -390,9 +399,9 @@ static void load_rcfile(val name) uw_catch(sy, va) { (void) va; - if (stat) - format(std_output, lit("** type ~s exception while loading ~s\n"), - sy, name, nao); + format(std_output, lit("** type ~s exception while loading ~a\n"), + sy, name, nao); + format(std_output, lit("** details: ~a\n"), car(va), nao); } uw_unwind; |