summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornaruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2019-01-29 09:19:52 +0000
committernaruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2019-01-29 09:19:52 +0000
commitfdca654c552b3dfe82101e43b9adc10e08b434b5 (patch)
treed6b0f4f603d51e19184eaa299ec4a5091a30e014
parentfbad5b97e8a42304b73b6141b57fb8ac45565ec2 (diff)
merge revision(s) 66909: [Backport #15555]
tmpdir.rb: permission of user given directory * lib/tmpdir.rb (Dir.mktmpdir): check if the permission of the parent directory only when using the default temporary directory, and no check against user given directory. the security is the user's responsibility in that case. [ruby-core:91216] [Bug #15555] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@66941 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--lib/tmpdir.rb17
-rw-r--r--test/test_tmpdir.rb6
-rw-r--r--version.h2
3 files changed, 19 insertions, 6 deletions
diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb
index 7c0ce3a..87e53a8 100644
--- a/lib/tmpdir.rb
+++ b/lib/tmpdir.rb
@@ -83,14 +83,20 @@ class Dir
# end
#
def self.mktmpdir(prefix_suffix=nil, *rest)
- path = Tmpname.create(prefix_suffix || "d", *rest) {|n| mkdir(n, 0700)}
+ base = nil
+ path = Tmpname.create(prefix_suffix || "d", *rest) {|path, _, _, d|
+ base = d
+ mkdir(path, 0700)
+ }
if block_given?
begin
yield path
ensure
- stat = File.stat(File.dirname(path))
- if stat.world_writable? and !stat.sticky?
- raise ArgumentError, "parent directory is world writable but not sticky"
+ unless base
+ stat = File.stat(File.dirname(path))
+ if stat.world_writable? and !stat.sticky?
+ raise ArgumentError, "parent directory is world writable but not sticky"
+ end
end
FileUtils.remove_entry path
end
@@ -110,6 +116,7 @@ class Dir
if $SAFE > 0 and tmpdir.tainted?
tmpdir = '/tmp'
else
+ origdir = tmpdir
tmpdir ||= tmpdir()
end
n = nil
@@ -125,7 +132,7 @@ class Dir
path = "#{prefix}#{t}-#{$$}-#{rand(0x100000000).to_s(36)}"\
"#{n ? %[-#{n}] : ''}#{suffix||''}"
path = File.join(tmpdir, path)
- yield(path, n, opts)
+ yield(path, n, opts, origdir)
rescue Errno::EEXIST
n ||= 0
n += 1
diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb
index eba9405..1e633d2 100644
--- a/test/test_tmpdir.rb
+++ b/test/test_tmpdir.rb
@@ -33,6 +33,12 @@ class TestTmpdir < Test::Unit::TestCase
assert_equal(tmpdir, Dir.tmpdir)
File.chmod(0777, tmpdir)
assert_not_equal(tmpdir, Dir.tmpdir)
+ newdir = Dir.mktmpdir("d", tmpdir) do |dir|
+ assert_file.directory? dir
+ assert_equal(tmpdir, File.dirname(dir))
+ dir
+ end
+ assert_file.not_exist?(newdir)
File.chmod(01777, tmpdir)
assert_equal(tmpdir, Dir.tmpdir)
ensure
diff --git a/version.h b/version.h
index da5327b..c031bf5 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
#define RUBY_VERSION "2.6.1"
#define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 31
+#define RUBY_PATCHLEVEL 32
#define RUBY_RELEASE_YEAR 2019
#define RUBY_RELEASE_MONTH 1