ruby-changes:54693
From: nobu <ko1@a...>
Date: Wed, 23 Jan 2019 15:06:53 +0900 (JST)
Subject: [ruby-changes:54693] nobu:r66909 (trunk): tmpdir.rb: permission of user given directory
nobu 2019-01-23 15:06:47 +0900 (Wed, 23 Jan 2019) New Revision: 66909 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=66909 Log: tmpdir.rb: permission of user given directory * lib/tmpdir.rb (Dir.mktmpdir): check if the permission of the parent directory only when using the default temporary directory, and no check against user given directory. the security is the user's responsibility in that case. [ruby-core:91216] [Bug #15555] Modified files: trunk/lib/tmpdir.rb trunk/test/test_tmpdir.rb Index: lib/tmpdir.rb =================================================================== --- lib/tmpdir.rb (revision 66908) +++ lib/tmpdir.rb (revision 66909) @@ -83,14 +83,20 @@ class Dir https://github.com/ruby/ruby/blob/trunk/lib/tmpdir.rb#L83 # end # def self.mktmpdir(prefix_suffix=nil, *rest) - path = Tmpname.create(prefix_suffix || "d", *rest) {|n| mkdir(n, 0700)} + base = nil + path = Tmpname.create(prefix_suffix || "d", *rest) {|path, _, _, d| + base = d + mkdir(path, 0700) + } if block_given? begin yield path ensure - stat = File.stat(File.dirname(path)) - if stat.world_writable? and !stat.sticky? - raise ArgumentError, "parent directory is world writable but not sticky" + unless base + stat = File.stat(File.dirname(path)) + if stat.world_writable? and !stat.sticky? + raise ArgumentError, "parent directory is world writable but not sticky" + end end FileUtils.remove_entry path end @@ -110,6 +116,7 @@ class Dir https://github.com/ruby/ruby/blob/trunk/lib/tmpdir.rb#L116 if $SAFE > 0 and tmpdir.tainted? tmpdir = '/tmp' else + origdir = tmpdir tmpdir ||= tmpdir() end n = nil @@ -125,7 +132,7 @@ class Dir https://github.com/ruby/ruby/blob/trunk/lib/tmpdir.rb#L132 path = "#{prefix}#{t}-#{$$}-#{rand(0x100000000).to_s(36)}"\ "#{n ? %[-#{n}] : ''}#{suffix||''}" path = File.join(tmpdir, path) - yield(path, n, opts) + yield(path, n, opts, origdir) rescue Errno::EEXIST n ||= 0 n += 1 Index: test/test_tmpdir.rb =================================================================== --- test/test_tmpdir.rb (revision 66908) +++ test/test_tmpdir.rb (revision 66909) @@ -33,6 +33,12 @@ class TestTmpdir < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/test_tmpdir.rb#L33 assert_equal(tmpdir, Dir.tmpdir) File.chmod(0777, tmpdir) assert_not_equal(tmpdir, Dir.tmpdir) + newdir = Dir.mktmpdir("d", tmpdir) do |dir| + assert_file.directory? dir + assert_equal(tmpdir, File.dirname(dir)) + dir + end + assert_file.not_exist?(newdir) File.chmod(01777, tmpdir) assert_equal(tmpdir, Dir.tmpdir) ensure -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/