Front page | perl.perl5.porters |
Postings from July 2012
From: Tim Jenness
July 17, 2012 21:12
Message ID: 6BD0DB0C7ED041D0A711EB9EF53605A6@gmail.com
I've been behind with my File::Temp releases and this is mainly due to a couple of outstanding issues. Since it's part of core I feel I should ask for some advice before making a new release.
1. In fixing CPAN RT #44924 to ensure that relative paths become absolute (so that you can chdir somewhere else) you end up with tainted temp directories which can't be cleaned up (File::Path::rmtree can't use chdir on them) and can't be used as a base for new temp files (sysopen fails because you now have a tainted root). Cwd explicitly taints the directory so I imagine that checking if the cwd exists and that it contains the new temp directory is not a good thing. Should I die early if you even attempt to use a relative path as a root for a temporary directory if taint checking is on? The problem being that in the current released File::Temp it does work (so long as you don't chdir anywhere). I imagine I have the option of not fixing #44924 when taint mode is enabled.
2. CVE-2011-4116 aka CPAN RT #69106.
The implication here being that every component of the path for the temp file should be checked to see if it's a soft link and if it is refuse to create the temp file. Do people concur? Is there a module for doing that reliably or do I roll my own from File::Spec. Is anyone concerned that this CVE is open?
A side effect of this is a discussion suggesting that File::Temp in its default invocation should put temp files into a subdirectory of File::Spec->tmpdir (using tempdir).
Comments welcome. I'm at OSCON if anyone there wants to talk about this. There don't seem to be enough people interested in a p5p BoF.
by Tim Jenness