diff options
| author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-03-13 00:21:46 +0000 |
|---|---|---|
| committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-03-13 00:21:46 +0000 |
| commit | 8fa641a664f62005581491077749da9cbfe2d7e0 (patch) | |
| tree | 717269ad67111e037f5c5d629485db30a853f8b0 | |
| parent | 7e157824d3211b3d7ecff15db03749c2abe74efc (diff) | |
merge revision(s) 66909: [Backport #15555]
tmpdir.rb: permission of user given directory
* lib/tmpdir.rb (Dir.mktmpdir): check if the permission of the
parent directory only when using the default temporary
directory, and no check against user given directory. the
security is the user's responsibility in that case.
[ruby-core:91216] [Bug #15555]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67241 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | lib/tmpdir.rb | 17 | ||||
| -rw-r--r-- | test/test_tmpdir.rb | 6 | ||||
| -rw-r--r-- | version.h | 2 |
3 files changed, 19 insertions, 6 deletions
diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb index 7c0ce3a7f0..d14c446727 100644 --- a/lib/tmpdir.rb +++ b/lib/tmpdir.rb @@ -83,14 +83,20 @@ class Dir # end # def self.mktmpdir(prefix_suffix=nil, *rest) - path = Tmpname.create(prefix_suffix || "d", *rest) {|n| mkdir(n, 0700)} + base = nil + path = Tmpname.create(prefix_suffix || "d", *rest) {|_path, _, _, d| + base = d + mkdir(_path, 0700) + } if block_given? begin yield path ensure - stat = File.stat(File.dirname(path)) - if stat.world_writable? and !stat.sticky? - raise ArgumentError, "parent directory is world writable but not sticky" + unless base + stat = File.stat(File.dirname(path)) + if stat.world_writable? and !stat.sticky? + raise ArgumentError, "parent directory is world writable but not sticky" + end end FileUtils.remove_entry path end @@ -110,6 +116,7 @@ class Dir if $SAFE > 0 and tmpdir.tainted? tmpdir = '/tmp' else + origdir = tmpdir tmpdir ||= tmpdir() end n = nil @@ -125,7 +132,7 @@ class Dir path = "#{prefix}#{t}-#{$$}-#{rand(0x100000000).to_s(36)}"\ "#{n ? %[-#{n}] : ''}#{suffix||''}" path = File.join(tmpdir, path) - yield(path, n, opts) + yield(path, n, opts, origdir) rescue Errno::EEXIST n ||= 0 n += 1 diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb index 7cdf2bba3a..fffec94788 100644 --- a/test/test_tmpdir.rb +++ b/test/test_tmpdir.rb @@ -31,6 +31,12 @@ class TestTmpdir < Test::Unit::TestCase assert_equal(tmpdir, Dir.tmpdir) File.chmod(0777, tmpdir) assert_not_equal(tmpdir, Dir.tmpdir) + newdir = Dir.mktmpdir("d", tmpdir) do |dir| + assert_file.directory? dir + assert_equal(tmpdir, File.dirname(dir)) + dir + end + assert_file.not_exist?(newdir) File.chmod(01777, tmpdir) assert_equal(tmpdir, Dir.tmpdir) ensure @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.5.4" #define RUBY_RELEASE_DATE "2019-03-13" -#define RUBY_PATCHLEVEL 153 +#define RUBY_PATCHLEVEL 154 #define RUBY_RELEASE_YEAR 2019 #define RUBY_RELEASE_MONTH 3 |