develooper Front page | perl.perl5.porters | Postings from January 2009

Re: [PATCH] Re: [PATCH] File::Copy & permission bits.

Thread Previous | Thread Next
January 26, 2009 10:32
Re: [PATCH] Re: [PATCH] File::Copy & permission bits.
Message ID:
On Sat, Jan 24, 2009 at 11:11:08PM -0500, Charles Bailey wrote:
> - Moves the permission-changing code to File::Copy::cp(), making it
> non-identical to File::Copy::copy().  I think this is a decent
> compromise, retaining backwards compatibility in the "primary"
> routine, while allowing people who chose cp() to get more POSIXy
> semantics.  It does break backwards compatibility of cp() wrt
> permissions.  I can find a handful of examples in CPAN, for which I
> hope smokers will give some feedback.  As for the DARKpan, who knows .
> . .

Basically, 'cp' is now 'copy', then, afterwards, setting the permissions
(if the file is new). This opens the possibility for a race. Imagine
having a file with sensitive data. Permissions of the file are 0600.  Now,
if you copy it using cp, and your umask is '022' (not uncommon), there's
a brief moment the copied file will be readable by all (permission 0644).

This wouldn't happen if the new file was opened using sysopen() with the
appropriate permission (which is what the IEEE 1002.1 standard says
it should do).


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About