
Re: [ #36982]: rmtree() makes symlink targets world-writable

From: via RT
June 24, 2008 08:52
       Queue: File-Path
 Ticket <URL: >

On Sat, Jun 21, 2008 at 02:11:57AM -0400, Bugs in File-Path via RT wrote:

> as reported in <>, when rmtree() encounters
> a symlink, it will change the permissions of the link target to the
> permissions of the link, usually 0777.

For the record, this has now been assigned a CVE id:

 Name: CVE-2008-2827
 Status: Candidate
 Reference: MISC:
 Reference: MISC:

 The rmtree function in lib/File/ in Perl 5.10 does not properly
 check permissions before performing a chmod, which allows local users
 to modify the permissions of arbitrary files via a symlink attack, a
 different vulnerability than CVE-2005-0448 and CVE-2004-0452.

Sorry about the triplicate report on the p5p list, I wasn't aware the
CPAN ticket submissions get forwarded there too.
Niko Tyni
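
The behaviour in the CVE description above, reduced to the chmod-before-remove pattern and shown beside an lstat-guarded form. This is an added example, not File::Path's code and not part of the original message; the sub names and the file names inside the temporary directory are constructed for illustration.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Permission bits of a path, without following a symlink.
sub mode_of {
    my ($path) = @_;
    my @st = lstat($path) or die "lstat $path: $!";
    return $st[2] & 07777;
}

# Flawed pattern: the mode is read with lstat() (the link's own mode,
# usually 0777), but chmod() follows the link and applies it to the target.
sub remove_unchecked {
    my ($path) = @_;
    chmod(mode_of($path), $path) or die "chmod $path: $!";
    unlink($path) or die "unlink $path: $!";
}

# Guarded pattern: never chmod a symlink. unlink() removes the link itself
# and needs write access to the parent directory only.
# A check followed by a path-based chmod can still race with a rename in a
# directory another user can write to.
sub remove_checked {
    my ($path) = @_;
    unless (-l $path) {
        chmod(mode_of($path), $path) or die "chmod $path: $!";
    }
    unlink($path) or die "unlink $path: $!";
}

# Build a private file (0600) plus a symlink to it in a temporary directory,
# remove the link with the given routine, and report the target's mode.
sub target_mode_after {
    my ($remove) = @_;
    my $dir    = tempdir(CLEANUP => 1);
    my $target = File::Spec->catfile($dir, 'private.txt');   # constructed name
    my $link   = File::Spec->catfile($dir, 'link');          # constructed name
    open(my $fh, '>', $target) or die "open $target: $!";
    close($fh);
    chmod(0600, $target) or die "chmod $target: $!";
    symlink($target, $link) or die "symlink $link: $!";
    $remove->($link);
    return mode_of($target);
}

printf "unchecked: target mode %04o\n", target_mode_after(\&remove_unchecked);
printf "checked:   target mode %04o\n", target_mode_after(\&remove_checked);
```

Comparing the two printed modes against the 0600 the file started with shows whether removing the link altered the target's permissions on the platform where it is run.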