File::Path::rmtree makes symlink targets world-writable

Front page | perl.perl5.porters | Postings from June 2008

File::Path::rmtree makes symlink targets world-writable

Thread Next

From:

Niko Tyni

Date:

June 21, 2008 12:44

Subject:

File::Path::rmtree makes symlink targets world-writable

Message ID:

20080621065834.GA5578@rebekka

Hi p5p,

as reported in <http://bugs.debian.org/487319> and
<http://rt.cpan.org/Public/Bug/Display.html?id=36982>, when
File::Path::rmtree() encounters a symlink, it will change the permissions
of the link target to the permissions of the link, usually 0777. This is
obviously a Bad Thing with security implications. The 'safe' parameter
doesn't seem to help here.

There's a proposed patch by Ben Hutchings in the Debian report.  The bug
is present (at least) in File-Path-2.04, in both 5.10.0 and blead.
-- 
Niko Tyni   ntyni@debian.org

Thread Next

File::Path::rmtree makes symlink targets world-writable by Niko Tyni

Re: File::Path::rmtree makes symlink targets world-writable by David Landgren

Re: File::Path::rmtree makes symlink targets world-writable by Niko Tyni
[rt.cpan.org #37031] Re: File::Path::rmtree makes symlink targets world-writable by david@landgren.net via RT

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About