From 56a3bfb691828a0cec5f3156c553efd8253fa914 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Wed, 23 Sep 2015 06:43:22 -0700
Subject: Fix race in ~/.txr_profile security check.
* parser.c (load_rcfile): Apply the privacy test to the open stream, rather than the file name, thus guarding against the possibility that a verified file object is replaced by another one before it is opened.
---
 parser.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
(limited to 'parser.c')
diff --git a/parser.c b/parser.c
index b56a3d6d..aeaad578 100644
--- a/parser.c
+++ b/parser.c
@@ -382,19 +382,19 @@ static void load_rcfile(val name)
 if (!funcall1(path_exists_p, name)) return;
- if (!funcall1(path_private_to_me_p, name)) {
- format(std_output,
- lit("** possible security problem: ~a is writable to others\n"),
- name, nao);
- return;
- }
-
 uw_catch_begin (catch_syms, sy, va);
 open_txr_file(name, &lisp_p, &resolved_name, &stream);
- if (stream)
+ if (stream) {
+ if (!funcall1(path_private_to_me_p, statf(stream))) {
+ format(std_output,
+ lit("** possible security problem: ~a is writable to others\n"),
+ name, nao);
+ } else {
 read_eval_stream(stream, std_output, nil);
+ }
+ }
 uw_catch(sy, va) {
--
cgit v1.2.3
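Review bot: The warning in the new `if (stream)` branch still prints `name`, although the privacy test now runs on the stream that `open_txr_file` opened and reported through `resolved_name`. If the two can differ (not visible in this hunk), the message names a path other than the one that failed the check, so `resolved_name, nao);` would be the more accurate argument. Checking the open stream rather than the name is the whole fix and deserves a comment so it is not later simplified back to a name-based test, for example `/* Test the opened stream, not the name: the file cannot be swapped between check and read. */`. The earlier `path_exists_p(name)` test is still name-based and should be read only as a shortcut, not as part of the security decision. load_rcfile starts and ends outside the hunk, so whether the rejected stream is closed afterwards cannot be confirmed here.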