develooper Front page | perl.perl5.porters | Postings from June 2008

Re: File::Path::rmtree makes symlink targets world-writable

Thread Previous | Thread Next
From:
Niko Tyni
Date:
June 24, 2008 14:43
Subject:
Re: File::Path::rmtree makes symlink targets world-writable
Message ID:
20080624061109.GA4829@rebekka
On Mon, Jun 23, 2008 at 09:56:33PM +0200, David Landgren wrote:
> Niko Tyni wrote, some time around 21/06/2008 08:58:

> >as reported in <http://bugs.debian.org/487319> and
> ><http://rt.cpan.org/Public/Bug/Display.html?id=36982>, when
> >File::Path::rmtree() encounters a symlink, it will change the permissions
> >of the link target to the permissions of the link, usually 0777. This is
> >obviously a Bad Thing with security implications. The 'safe' parameter
> >doesn't seem to help here.

> I'm just slightly curious: this problem must have always been present in 
> previous versions, the essence of the rmtree() function remains the 
> same, I only added an alternate error reporting channel into the code. 
> If someone can find the time to prove or disprove that this behaviour 
> has crept in since 2.x it would be of great help. That will allow me to 
> figure out if code needs to be added or removed/reverted...

I think it was introduced in 2.00 (blead change 31315) with this diff hunk:

-           chmod $rp | 0600, $root
-             or carp ("Can't make file $root writeable: $!")
-               if $force_writeable;
-           print "unlink $root\n" if $verbose;
+            if (!chmod $rp | 0600, $root) {
+                if ($Force_Writeable) {
+                    if ($arg->{error}) {
+                        push @{${$arg->{error}}},
+                            {$root => "Can't make file writeable: $!"};
+                    }
+                    else {
+                        _carp ("Can't make file $root writeable: $!")
+                    }
+                }
+            }
+            print "unlink $root\n" if $arg->{verbose};

The difference is the point where $Force_Writeable is evaluated: in the
new version the chmod is done regardless of the value.

$Force_Writeable isn't set on unixish operating systems.  If any of the
others have symlinks with lax permissions and chmod follows them, they
were probably buggy in 1.xx too. Sounds like a big 'if' to me, though.

 # These OSes complain if you want to remove a file that you have no
 # write permission to:
-my $force_writeable = ($^O eq 'os2' || $^O eq 'dos' || $^O eq 'MSWin32' ||
+my $Force_Writeable = ($^O eq 'os2' || $^O eq 'dos' || $^O eq 'MSWin32' ||
                       $^O eq 'amigaos' || $^O eq 'MacOS' || $^O eq 'epoc');

-- 
Niko Tyni   ntyni@debian.org

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About