git: 9front


ref: 701501daf3859f3a303c55290f9a8c51edb7b927
parent: c2c344700b65623180490a5662725b761c65694a
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Tue Dec 29 13:45:42 EST 2020

plumber: open rule files as OCEXEC, to avoid leaking them to sub commands

--- a/sys/src/cmd/plumb/rules.c
+++ b/sys/src/cmd/plumb/rules.c
@@ -410,11 +410,11 @@
 	if(n>2 && args[2][0] != '#')
 		goto Err;
 	t = args[1];
-	fd = open(t, OREAD);
+	fd = open(t, OREAD|OCEXEC);
 	if(fd<0 && t[0]!='/' && strncmp(t, "./", 2)!=0 && strncmp(t, "../", 3)!=0){
 		snprint(buf, sizeof buf, "/sys/lib/plumb/%s", t);
 		t = buf;
-		fd = open(t, OREAD);
+		fd = open(t, OREAD|OCEXEC);
 	}
 	if(fd < 0)
 		parseerror("can't open %s for inclusion", t);
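Review bot: Both `open` calls now pass `OREAD|OCEXEC`, but the reason is recorded only in the commit message; a short comment above the first call would keep the flag from being dropped in a later cleanup, e.g. `/* OCEXEC: included rule files must not stay open in commands the plumber starts */`. Because the same mode is repeated on the fallback open under `/sys/lib/plumb/`, keeping it in one local or macro would stop the two calls from drifting apart. Whether the other descriptors the plumber holds when it starts a command are opened the same way cannot be seen from this hunk and is worth checking alongside this change. The enclosing function starts and ends outside the hunk.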
--