diff options
author | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-01-29 09:19:52 +0000 |
---|---|---|
committer | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-01-29 09:19:52 +0000 |
commit | fdca654c552b3dfe82101e43b9adc10e08b434b5 (patch) | |
tree | d6b0f4f603d51e19184eaa299ec4a5091a30e014 | |
parent | fbad5b97e8a42304b73b6141b57fb8ac45565ec2 (diff) |
merge revision(s) 66909: [Backport #15555]
tmpdir.rb: permission of user given directory
* lib/tmpdir.rb (Dir.mktmpdir): check if the permission of the
parent directory only when using the default temporary
directory, and no check against user given directory. the
security is the user's responsibility in that case.
[ruby-core:91216] [Bug #15555]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@66941 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | lib/tmpdir.rb | 17 | ||||
-rw-r--r-- | test/test_tmpdir.rb | 6 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 19 insertions, 6 deletions
diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb index 7c0ce3a7f0..87e53a83be 100644 --- a/lib/tmpdir.rb +++ b/lib/tmpdir.rb @@ -83,14 +83,20 @@ class Dir # end # def self.mktmpdir(prefix_suffix=nil, *rest) - path = Tmpname.create(prefix_suffix || "d", *rest) {|n| mkdir(n, 0700)} + base = nil + path = Tmpname.create(prefix_suffix || "d", *rest) {|path, _, _, d| + base = d + mkdir(path, 0700) + } if block_given? begin yield path ensure - stat = File.stat(File.dirname(path)) - if stat.world_writable? and !stat.sticky? - raise ArgumentError, "parent directory is world writable but not sticky" + unless base + stat = File.stat(File.dirname(path)) + if stat.world_writable? and !stat.sticky? + raise ArgumentError, "parent directory is world writable but not sticky" + end end FileUtils.remove_entry path end @@ -110,6 +116,7 @@ class Dir if $SAFE > 0 and tmpdir.tainted? tmpdir = '/tmp' else + origdir = tmpdir tmpdir ||= tmpdir() end n = nil @@ -125,7 +132,7 @@ class Dir path = "#{prefix}#{t}-#{$$}-#{rand(0x100000000).to_s(36)}"\ "#{n ? %[-#{n}] : ''}#{suffix||''}" path = File.join(tmpdir, path) - yield(path, n, opts) + yield(path, n, opts, origdir) rescue Errno::EEXIST n ||= 0 n += 1 diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb index eba94056e4..1e633d233b 100644 --- a/test/test_tmpdir.rb +++ b/test/test_tmpdir.rb @@ -33,6 +33,12 @@ class TestTmpdir < Test::Unit::TestCase assert_equal(tmpdir, Dir.tmpdir) File.chmod(0777, tmpdir) assert_not_equal(tmpdir, Dir.tmpdir) + newdir = Dir.mktmpdir("d", tmpdir) do |dir| + assert_file.directory? dir + assert_equal(tmpdir, File.dirname(dir)) + dir + end + assert_file.not_exist?(newdir) File.chmod(01777, tmpdir) assert_equal(tmpdir, Dir.tmpdir) ensure @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.6.1" #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR -#define RUBY_PATCHLEVEL 31 +#define RUBY_PATCHLEVEL 32 #define RUBY_RELEASE_YEAR 2019 #define RUBY_RELEASE_MONTH 1 |