ref: fb08e3655ee2f6f3e84139ab4dd51529bda055c9
parent: b7b740a04c3f599c518bdfa606812e75acfc9d80
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Tue Dec 29 13:45:42 EST 2020
plumber: open rule files as OCEXEC, to avoid leaking them to sub commands
--- a/sys/src/cmd/plumb/rules.c
+++ b/sys/src/cmd/plumb/rules.c
@@ -410,11 +410,11 @@
if(n>2 && args[2][0] != '#')
goto Err;
t = args[1];
- fd = open(t, OREAD);
+ fd = open(t, OREAD|OCEXEC);
if(fd<0 && t[0]!='/' && strncmp(t, "./", 2)!=0 && strncmp(t, "../", 3)!=0){snprint(buf, sizeof buf, "/sys/lib/plumb/%s", t);
t = buf;
- fd = open(t, OREAD);
+ fd = open(t, OREAD|OCEXEC);
}
if(fd < 0)
parseerror("can't open %s for inclusion", t);