1 files changed, 122 insertions, 63 deletions

diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb
index 95ef08cfd6..f78fd721b7 100644
--- a/lib/tmpdir.rb
+++ b/lib/tmpdir.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # tmpdir - retrieve temporary directory path
 #
@@ -5,49 +6,53 @@
 #
 
 require 'fileutils'
+begin
+  require 'etc.so'
+rescue LoadError # rescue LoadError for miniruby
+end
 
 class Dir
 
-  @@systmpdir = '/tmp'
-
-  begin
-    require 'Win32API'
-    max_pathlen = 260
-    windir = ' '*(max_pathlen+1)
-    begin
-      getdir = Win32API.new('kernel32', 'GetSystemWindowsDirectory', 'PL', 'L')
-    rescue RuntimeError
-      getdir = Win32API.new('kernel32', 'GetWindowsDirectory', 'PL', 'L')
-    end
-    len = getdir.call(windir, windir.size)
-    windir = File.expand_path(windir[0, len])
-    temp = File.join(windir, 'temp')
-    @@systmpdir = temp if File.directory?(temp) and File.writable?(temp)
-  rescue LoadError
-  end
+  # Class variables are inaccessible from non-main Ractor.
+  # And instance variables too, in Ruby 3.0.
 
   ##
   # Returns the operating system's temporary file path.
+  #
+  #   require 'tmpdir'
+  #   Dir.tmpdir # => "/tmp"
 
-  def Dir::tmpdir
-    tmp = '.'
-    if $SAFE > 0
-      tmp = @@systmpdir
-    else
-      for dir in [ENV['TMPDIR'], ENV['TMP'], ENV['TEMP'],
-	          ENV['USERPROFILE'], @@systmpdir, '/tmp']
-	if dir and File.directory?(dir) and File.writable?(dir)
-	  tmp = dir
-	  break
-	end
+  def self.tmpdir
+    Tmpname::TMPDIR_CANDIDATES.find do |name, dir|
+      unless dir
+        next if !(dir = ENV[name] rescue next) or dir.empty?
       end
-    end
-    File.expand_path(tmp)
+      dir = File.expand_path(dir)
+      stat = File.stat(dir) rescue next
+      case
+      when !stat.directory?
+        warn "#{name} is not a directory: #{dir}"
+      when !File.writable?(dir)
+        # We call File.writable?, not stat.writable?, because you can't tell if a dir is actually
+        # writable just from stat; OS mechanisms other than user/group/world bits can affect this.
+        warn "#{name} is not writable: #{dir}"
+      when stat.world_writable? && !stat.sticky?
+        warn "#{name} is world-writable: #{dir}"
+      else
+        break dir
+      end
+    end or raise ArgumentError, "could not find a temporary directory"
   end
 
   # Dir.mktmpdir creates a temporary directory.
   #
+  #   require 'tmpdir'
+  #   Dir.mktmpdir {|dir|
+  #     # use the directory
+  #   }
+  #
   # The directory is created with 0700 permission.
+  # Application should not change the permission to make the temporary directory accessible from other users.
   #
   # The prefix and suffix of the name of the directory is specified by
   # the optional first argument, <i>prefix_suffix</i>.
@@ -68,12 +73,12 @@ class Dir
   # If a block is given,
   # it is yielded with the path of the directory.
   # The directory and its contents are removed
-  # using FileUtils.remove_entry_secure before Dir.mktmpdir returns.
+  # using FileUtils.remove_entry before Dir.mktmpdir returns.
   # The value of the block is returned.
   #
   #  Dir.mktmpdir {|dir|
   #    # use the directory...
-  #    open("#{dir}/foo", "w") { ... }
+  #    open("#{dir}/foo", "w") { something using the file }
   #  }
   #
   # If a block is not given,
@@ -83,47 +88,101 @@ class Dir
   #  dir = Dir.mktmpdir
   #  begin
   #    # use the directory...
-  #    open("#{dir}/foo", "w") { ... }
+  #    open("#{dir}/foo", "w") { something using the file }
   #  ensure
   #    # remove the directory.
-  #    FileUtils.remove_entry_secure dir
+  #    FileUtils.remove_entry dir
   #  end
   #
-  def Dir.mktmpdir(prefix_suffix=nil, tmpdir=nil)
-    case prefix_suffix
-    when nil
-      prefix = "d"
-      suffix = ""
-    when String
-      prefix = prefix_suffix
-      suffix = ""
-    when Array
-      prefix = prefix_suffix[0]
-      suffix = prefix_suffix[1]
+  def self.mktmpdir(prefix_suffix=nil, *rest, **options, &block)
+    base = nil
+    path = Tmpname.create(prefix_suffix || "d", *rest, **options) {|path, _, _, d|
+      base = d
+      mkdir(path, 0700)
+    }
+    if block
+      begin
+        yield path.dup
+      ensure
+        unless base
+          base = File.dirname(path)
+          stat = File.stat(base)
+          if stat.world_writable? and !stat.sticky?
+            raise ArgumentError, "parent directory is world writable but not sticky: #{base}"
+          end
+        end
+        FileUtils.remove_entry path
+      end
     else
-      raise ArgumentError, "unexpected prefix_suffix: #{prefix_suffix.inspect}"
+      path
     end
-    tmpdir ||= Dir.tmpdir
-    t = Time.now.strftime("%Y%m%d")
-    n = nil
-    begin
-      path = "#{tmpdir}/#{prefix}#{t}-#{$$}-#{rand(0x100000000).to_s(36)}"
-      path << "-#{n}" if n
-      path << suffix
-      Dir.mkdir(path, 0700)
-    rescue Errno::EEXIST
-      n ||= 0
-      n += 1
-      retry
+  end
+
+  # Temporary name generator
+  module Tmpname # :nodoc:
+    module_function
+
+    # System-wide temporary directory path
+    systmpdir = (defined?(Etc.systmpdir) ? Etc.systmpdir.freeze : '/tmp')
+
+    # Temporary directory candidates consisting of environment variable
+    # names or description and path pairs.
+    TMPDIR_CANDIDATES = [
+      'TMPDIR', 'TMP', 'TEMP',
+      ['system temporary path', systmpdir],
+      %w[/tmp /tmp],
+      %w[. .],
+    ].each(&:freeze).freeze
+
+    def tmpdir
+      Dir.tmpdir
     end
 
-    if block_given?
+    # Unusable characters as path name
+    UNUSABLE_CHARS = "^,-.0-9A-Z_a-z~"
+
+    # Dedicated random number generator
+    RANDOM = Object.new
+    class << RANDOM # :nodoc:
+      # Maximum random number
+      MAX = 36**6 # < 0x100000000
+
+      # Returns new random string upto 6 bytes
+      def next
+        (::Random.urandom(4).unpack1("L")%MAX).to_s(36)
+      end
+    end
+    RANDOM.freeze
+    private_constant :RANDOM
+
+    # Generates and yields random names to create a temporary name
+    def create(basename, tmpdir=nil, max_try: nil, **opts)
+      if tmpdir
+        origdir = tmpdir = File.path(tmpdir)
+        raise ArgumentError, "empty parent path" if tmpdir.empty?
+      else
+        tmpdir = tmpdir()
+      end
+      n = nil
+      prefix, suffix = basename
+      prefix = (String.try_convert(prefix) or
+                raise ArgumentError, "unexpected prefix: #{prefix.inspect}")
+      prefix = prefix.delete(UNUSABLE_CHARS)
+      suffix &&= (String.try_convert(suffix) or
+                  raise ArgumentError, "unexpected suffix: #{suffix.inspect}")
+      suffix &&= suffix.delete(UNUSABLE_CHARS)
       begin
-        yield path
-      ensure
-        FileUtils.remove_entry_secure path
+        t = Time.now.strftime("%Y%m%d")
+        path = "#{prefix}#{t}-#{$$}-#{RANDOM.next}"\
+               "#{n ? %[-#{n}] : ''}#{suffix||''}"
+        path = File.join(tmpdir, path)
+        yield(path, n, opts, origdir)
+      rescue Errno::EEXIST
+        n ||= 0
+        n += 1
+        retry if !max_try or n < max_try
+        raise "cannot generate temporary name using '#{basename}' under '#{tmpdir}'"
       end
-    else
       path
     end
   end