diff options
| author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-02-28 14:55:05 +0000 |
|---|---|---|
| committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-02-28 14:55:05 +0000 |
| commit | e94087c279902302c826fa33747cb5998c0323d3 (patch) | |
| tree | 270abafe65a963d2acb314f798491bd03de1a37d | |
| parent | a6da4f8ac7147cf2c7b29c54dc9f395f0038f30c (diff) | |
merge revision(s) 66909: [Backport #15555]
tmpdir.rb: permission of user given directory
* lib/tmpdir.rb (Dir.mktmpdir): check if the permission of the
parent directory only when using the default temporary
directory, and no check against user given directory. the
security is the user's responsibility in that case.
[ruby-core:91216] [Bug #15555]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | lib/tmpdir.rb | 17 | ||||
| -rw-r--r-- | test/test_tmpdir.rb | 6 | ||||
| -rw-r--r-- | version.h | 2 |
3 files changed, 19 insertions, 6 deletions
diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb index 13ed580eb4..eaa67bc58e 100644 --- a/lib/tmpdir.rb +++ b/lib/tmpdir.rb @@ -83,14 +83,20 @@ class Dir # end # def self.mktmpdir(prefix_suffix=nil, *rest) - path = Tmpname.create(prefix_suffix || "d", *rest) {|n| mkdir(n, 0700)} + base = nil + path = Tmpname.create(prefix_suffix || "d", *rest) {|path, _, _, d| + base = d + mkdir(path, 0700) + } if block_given? begin yield path ensure - stat = File.stat(File.dirname(path)) - if stat.world_writable? and !stat.sticky? - raise ArgumentError, "parent directory is world writable but not sticky" + unless base + stat = File.stat(File.dirname(path)) + if stat.world_writable? and !stat.sticky? + raise ArgumentError, "parent directory is world writable but not sticky" + end end FileUtils.remove_entry path end @@ -124,12 +130,13 @@ class Dir if $SAFE > 0 and tmpdir.tainted? tmpdir = '/tmp' else + origdir = tmpdir tmpdir ||= tmpdir() end n = nil begin path = File.join(tmpdir, make_tmpname(basename, n)) - yield(path, n, opts) + yield(path, n, opts, origdir) rescue Errno::EEXIST n ||= 0 n += 1 diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb index c9e85aeae2..32de4b0b7a 100644 --- a/test/test_tmpdir.rb +++ b/test/test_tmpdir.rb @@ -31,6 +31,12 @@ class TestTmpdir < Test::Unit::TestCase assert_equal(tmpdir, Dir.tmpdir) File.chmod(0777, tmpdir) assert_not_equal(tmpdir, Dir.tmpdir) + newdir = Dir.mktmpdir("d", tmpdir) do |dir| + assert_file.directory? dir + assert_equal(tmpdir, File.dirname(dir)) + dir + end + assert_file.not_exist?(newdir) File.chmod(01777, tmpdir) assert_equal(tmpdir, Dir.tmpdir) ensure @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.4.6" #define RUBY_RELEASE_DATE "2019-02-28" -#define RUBY_PATCHLEVEL 348 +#define RUBY_PATCHLEVEL 349 #define RUBY_RELEASE_YEAR 2019 #define RUBY_RELEASE_MONTH 2 |