
File::Path::rmtree makes symlink targets world-writable

Niko Tyni
June 21, 2008 12:44
Hi p5p,

as reported in <> and
<>, when
File::Path::rmtree() encounters a symlink, it will change the permissions
of the link target to the permissions of the link, usually 0777. This is
obviously a Bad Thing with security implications. The 'safe' parameter
doesn't seem to help here.

There's a proposed patch by Ben Hutchings in the Debian report.  The bug
is present (at least) in File-Path-2.04, in both 5.10.0 and blead.
Niko Tyni
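
The behaviour reported above is what happens when a mode read from a symlink is handed to chmod(), which follows links. The following sketch is an added illustration, not code from the original message, from File::Path, or from the Debian patch; the helper names `lmode` and `chmod_nofollow` and the scratch files are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added illustration only; not File::Path's code and not the proposed patch.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed scratch layout: a private file and a symlink pointing at it.
my $dir    = tempdir(CLEANUP => 1);
my $target = "$dir/target";
my $link   = "$dir/link";

open(my $fh, '>', $target) or die "create $target: $!";
close($fh);
chmod(0600, $target)    or die "chmod $target: $!";
symlink($target, $link) or die "symlink $link: $!";

# Permission bits of a path, taken with lstat() so a final symlink
# is described itself instead of being followed.
sub lmode {
    my ($path) = @_;
    my $mode = (lstat($path))[2];
    return $mode & 07777;
}

# Hypothetical helper: apply a mode only when the path is not a symlink.
# Perl's chmod() follows symlinks, so calling it on a link alters the target.
sub chmod_nofollow {
    my ($mode, $path) = @_;
    return 0 if -l $path;    # never chmod through a link
    return chmod($mode, $path);
}

# Mode of the link itself (the message notes this is usually 0777).
my $link_mode = lmode($link);

# Guarded call: skipped because $link is a symlink.
chmod_nofollow($link_mode, $link);
printf "after guarded call:   target mode %04o\n", lmode($target);

# Unguarded call: chmod() resolves the link and rewrites the target's mode.
chmod($link_mode, $link) or die "chmod $link: $!";
printf "after unguarded call: target mode %04o\n", lmode($target);
```

The `-l` test followed by chmod() is a check-then-act sequence, so in a directory that other users can write to it narrows the problem without closing it.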
