From bedc31f559ef29ff3403c69dd6bda448f2444c78 Mon Sep 17 00:00:00 2001
From: Fumitoshi UKAI <ukai@debian.or.jp>
Date: Tue, 5 Nov 2002 17:54:38 +0000
Subject: [w3m-dev 03374] disable_secret_security_check * etc.c
 (openSecurityFile): disable_secret_security_check * fm.h
 (disable_secret_security_check): added * rc.c
 (CMT_DISABLE_SECRET_SECURITY_CHECK): added 
 (disable_secret_security_check): added * NEWS: rc:
 disable_secret_security_check From: Fumitoshi UKAI  <ukai@debian.or.jp>

---
 etc.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'etc.c')

diff --git a/etc.c b/etc.c
index 00ec3e2..74c9def 100644
--- a/etc.c
+++ b/etc.c
@@ -1,4 +1,4 @@
-/* $Id: etc.c,v 1.32 2002/11/05 17:12:02 ukai Exp $ */
+/* $Id: etc.c,v 1.33 2002/11/05 17:54:39 ukai Exp $ */
 #include "fm.h"
 #include <pwd.h>
 #include "myctype.h"
@@ -1047,8 +1047,16 @@ openSecretFile(char *fname)
 
     /* check permissions, if group or others readable or writable,
      * refuse it, because it's insecure.
+     *
+     * XXX: disable_secret_security_check will introduce some
+     *    security issues, but on some platform such as Windows
+     *	  it's not possible (or feasible) to disable group|other
+     *    readable and writable.
+     *	 [w3m-dev 03368][w3m-dev 03369][w3m-dev 03370]
      */
-    if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
+    if (disable_secret_security_check)
+	/* do nothing */ ;
+    else if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
 	if (fmInitialized) {
 	    message(Sprintf(FILE_IS_READABLE_MSG, fname)->ptr, 0, 0);
 	    refresh();
-- 
cgit v1.2.3