File: interp-do-not-set-RUBYLIB-environment-variable-to-pr.patch

package info (click to toggle)
needrestart 3.6-4%2Bdeb12u3
  • links: PTS
  • area: main
  • in suites: bookworm
  • size: 936 kB
  • sloc: perl: 3,371; sh: 277; makefile: 82
file content (76 lines) | stat: -rw-r--r-- 2,129 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
From 840b750f77ff67f950528e87e87045cfa724d1eb Mon Sep 17 00:00:00 2001
From: Thomas Liske <thomas@fiasko-nw.net>
Date: Sun, 3 Nov 2024 20:00:03 +0100
Subject: [PATCH 3/5] interp: do not set RUBYLIB environment variable to
 prevent a LPE

---
 perl/lib/NeedRestart/Interp/Ruby.pm | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

--- a/perl/lib/NeedRestart/Interp/Ruby.pm
+++ b/perl/lib/NeedRestart/Interp/Ruby.pm
@@ -29,11 +29,13 @@ use warnings;
 
 use parent qw(NeedRestart::Interp);
 use Cwd qw(abs_path getcwd);
+use File::Temp qw(tempdir);
 use Getopt::Std;
 use NeedRestart qw(:interp);
 use NeedRestart::Utils;
 
 my $LOGPREF = '[Ruby]';
+my $empty_dir;
 
 needrestart_interp_register(__PACKAGE__);
 
@@ -76,6 +78,14 @@ sub _scan($$$$$) {
     }
 }
 
+# chdir into empty directory to prevent ruby parsing arbitrary files
+sub chdir_empty() {
+    unless(defined($empty_dir)) {
+        $empty_dir = tempdir(CLEANUP => 1);
+    }
+    chdir($empty_dir);
+}
+
 sub source {
     my $self = shift;
     my $pid = shift;
@@ -182,25 +192,28 @@ sub files {
 
     # use cached data if avail
     if(exists($cache->{files}->{(__PACKAGE__)}->{$src})) {
+	chdir($cwd);
 	print STDERR "$LOGPREF #$pid: use cached file list\n" if($self->{debug});
 	return %{ $cache->{files}->{(__PACKAGE__)}->{$src} };
     }
 
     # prepare include path environment variable
-    my %e = nr_parse_env($pid);
+    my @path;
     local %ENV;
+
+    # get include path from env
+    my %e = nr_parse_env($pid);
     if(exists($e{RUBYLIB})) {
-	$ENV{RUBYLIB} = $e{RUBYLIB};
-    }
-    elsif(exists($ENV{RUBYLIB})) {
-	delete($ENV{RUBYLIB});
+	@path = map { "/proc/$pid/root/$_"; } split(':', $e{RUBYLIB});
     }
 
     # get include path
+    chdir_empty();
     my $rbread = nr_fork_pipe($self->{debug}, $ptable->{exec}, '-e', 'puts $:');
-    my @path = map { "/proc/$pid/root/$_"; } <$rbread>;
+    push(@path, map { "/proc/$pid/root/$_"; } <$rbread>);
     close($rbread);
     chomp(@path);
+    chdir("/proc/$pid/root/$ptable->{cwd}");
 
     my %files;
     _scan($self->{debug}, $pid, $src, \%files, \@path);