From 8ce9641fb85782e70860fbcd112f6315e7bfad69 Mon Sep 17 00:00:00 2001 From: aamine Date: Sat, 13 Aug 2005 13:14:07 +0000 Subject: * lib/fileutils.rb (remove_entry_secure): forgot final chdir. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8986 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- lib/fileutils.rb | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) (limited to 'lib') diff --git a/lib/fileutils.rb b/lib/fileutils.rb index 3b45bad888..c4456ab270 100644 --- a/lib/fileutils.rb +++ b/lib/fileutils.rb @@ -550,16 +550,14 @@ module FileUtils # # WARNING: This method causes local vulnerability # if one of parent directories or removing directory tree are world - # writable, and the current process has strong privilege such as Unix - # super user (root). For secure removing, read the documentation of - # #remove_entry_secure carefully, and set :secure option to true. + # writable (including /tmp, whose permission is 1777), and the current + # process has strong privilege such as Unix super user (root), and the + # system has symbolic link. For secure removing, read the documentation + # of #remove_entry_secure carefully, and set :secure option to true. # Default is :secure=>false. # # NOTE: This method calls #remove_entry_secure if :secure option is set. # See also #remove_entry_secure. - # - # WARNING: On Win32 systems, you MUST set correct ACL (Access Control List) - # always. Never provide full-control for "Everybody" user. # def rm_r(list, options = {}) fu_check_options options, :force, :noop, :verbose, :secure @@ -609,6 +607,7 @@ module FileUtils # # * Parent directory is world writable (including /tmp). # * Removing directory tree includes world writable directory. + # * The system has symbolic link. # # To avoid this security hole, this method applies special preprocess. # If +path+ is a directory, this method chown(2) and chmod(2) all @@ -620,15 +619,13 @@ module FileUtils # Only exception is temporary directory like /tmp and /var/tmp, # whose permission is 1777. # - # WARNING: Only the owner of the removing directory tree should invoke - # this method. Otherwise this method does not work. + # WARNING: Only the owner of the removing directory tree, or Unix super + # user (root) should invoke this method. Otherwise this method does not + # work. # # WARNING: remove_entry_secure uses chdir(2), this method is not # multi-thread safe, nor reentrant. # - # WARNING: This method does not work on Win32 systems. - # (You never need this method while you set NTFS ACL correctly) - # # For details of this security vulnerability, see Perl's case: # # http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0448 @@ -663,6 +660,8 @@ module FileUtils end File.chown euid, nil, '.' File.chmod 0700, '.' + ensure + Dir.chdir prevcwd end # ---- tree root is frozen ---- root = Entry_.new(path) -- cgit v1.2.3