diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2020-12-29 18:45:42 +0100 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2020-12-29 18:45:42 +0100 |
| commit | fb08e3655ee2f6f3e84139ab4dd51529bda055c9 (patch) | |
| tree | 64f98f15f09904f411b8711ed1deda93091ac736 | |
| parent | b7b740a04c3f599c518bdfa606812e75acfc9d80 (diff) | |
| download | plan9front-fb08e3655ee2f6f3e84139ab4dd51529bda055c9.tar.xz | |
plumber: open rule files as OCEXEC, to avoid leaking them to sub commands
| -rw-r--r-- | sys/src/cmd/plumb/rules.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/src/cmd/plumb/rules.c b/sys/src/cmd/plumb/rules.c index c5bec452d..4ceb4cad8 100644 --- a/sys/src/cmd/plumb/rules.c +++ b/sys/src/cmd/plumb/rules.c @@ -410,11 +410,11 @@ include(char *s) if(n>2 && args[2][0] != '#') goto Err; t = args[1]; - fd = open(t, OREAD); + fd = open(t, OREAD|OCEXEC); if(fd<0 && t[0]!='/' && strncmp(t, "./", 2)!=0 && strncmp(t, "../", 3)!=0){ snprint(buf, sizeof buf, "/sys/lib/plumb/%s", t); t = buf; - fd = open(t, OREAD); + fd = open(t, OREAD|OCEXEC); } if(fd < 0) parseerror("can't open %s for inclusion", t); |