ruby-changes:22930
From: nobu <ko1@a...>
Date: Mon, 12 Mar 2012 07:19:16 +0900 (JST)
Subject: [ruby-changes:22930] nobu:r34979 (trunk): * lib/tmpdir.rb (Dir.tmpdir): should not use world-writable but
nobu 2012-03-12 07:19:06 +0900 (Mon, 12 Mar 2012) New Revision: 34979 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=34979 Log: * lib/tmpdir.rb (Dir.tmpdir): should not use world-writable but non-sticky directory. * lib/tmpdir.rb (Dir.mktmpdir): check the parent directory. Added files: trunk/test/test_tmpdir.rb Modified files: trunk/ChangeLog trunk/lib/tmpdir.rb
Index: ChangeLog
===================================================================
--- ChangeLog (revision 34978)
+++ ChangeLog (revision 34979)
@@ -1,3 +1,10 @@
+Mon Mar 12 07:19:03 2012 Nobuyoshi Nakada <nobu@r...>
+
+ * lib/tmpdir.rb (Dir.tmpdir): should not use world-writable but
+ non-sticky directory.
+
+ * lib/tmpdir.rb (Dir.mktmpdir): check the parent directory.
+
 Mon Mar 12 07:04:11 2012 Nobuyoshi Nakada <nobu@r...>
 
 * random.c (Init_Random): removed rb_Random_DEFAULT and register as
Index: lib/tmpdir.rb
===================================================================
--- lib/tmpdir.rb (revision 34978)
+++ lib/tmpdir.rb (revision 34979)
@@ -23,7 +23,8 @@
 tmp = @@systmpdir
 else
 for dir in [ENV['TMPDIR'], ENV['TMP'], ENV['TEMP'], @@systmpdir, '/tmp']
- if dir and stat = File.stat(dir) and stat.directory? and stat.writable?
+ if dir and stat = File.stat(dir) and stat.directory? and stat.writable? and
+ (!stat.world_writable? or stat.sticky?)
 tmp = dir
 break
 end rescue nil
@@ -82,7 +83,11 @@
 begin
 yield path
 ensure
- FileUtils.remove_entry_secure path
+ stat = File.stat(File.dirname(path))
+ if stat.world_writable? and !stat.sticky?
+ raise ArgumentError, "parent directory is world writable but not sticky"
+ end
+ FileUtils.remove_entry path
 end
 else
 path
Index: test/test_tmpdir.rb
===================================================================
--- test/test_tmpdir.rb (revision 0)
+++ test/test_tmpdir.rb (revision 34979)
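Review bot: The added `(!stat.world_writable? or stat.sticky?)` condition in the candidate loop of Dir.tmpdir rejects a directory silently, so a user whose TMPDIR is mode 0777 is moved to the next candidate with no indication of why. A comment above the condition would record the reason, for example `# skip world-writable directories without the sticky bit: any local user could rename or delete entries created there`. It may also be worth a `warn` when an explicitly configured candidate is rejected for this reason. The rest of Dir.tmpdir, including the value used when no candidate passes, lies outside the hunk.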
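Review bot: The parent-directory check in Dir.mktmpdir sits inside the `ensure` clause after `yield path`, so it runs only once the block has already used the directory. Raising `ArgumentError` there replaces any exception the block raised and skips the removal, leaving the temporary tree on disk. Moving the `File.stat(File.dirname(path))` test ahead of the `begin` (ideally before the directory is created, which happens outside the hunk) would reject an unsafe parent before anything is written and leave only `FileUtils.remove_entry path` in the `ensure`. The hunk also replaces `FileUtils.remove_entry_secure` with `FileUtils.remove_entry`. Because the single stat of the immediate parent is a point-in-time check, a comment should say why the race protection of the secure variant is no longer needed. Dir.mktmpdir starts and ends outside the hunk.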
@@ -0,0 +1,20 @@
+require 'test/unit'
+require 'tmpdir'
+
+class TestTmpdir < Test::Unit::TestCase
+ def test_world_writable
+ Dir.mktmpdir do |tmpdir|
+ # ToDo: fix for parallel test
+ olddir, ENV["TMPDIR"] = ENV["TMPDIR"], tmpdir
+ begin
+ assert_equal(tmpdir, Dir.tmpdir)
+ File.chmod(0777, tmpdir)
+ assert_not_equal(tmpdir, Dir.tmpdir)
+ File.chmod(01777, tmpdir)
+ assert_equal(tmpdir, Dir.tmpdir)
+ ensure
+ ENV["TMPDIR"] = olddir
+ end
+ end
+ end
+end
Property changes on: test/test_tmpdir.rb ___________________________________________________________________ Added: svn:eol-style + LF -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
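Review bot: Nothing in the new test file exercises the `ArgumentError` path this commit adds to Dir.mktmpdir for a world-writable, non-sticky parent; `test_world_writable` covers only the Dir.tmpdir selection. A second case could chmod a scratch directory to 0777 and assert the error, along the lines of `assert_raise(ArgumentError) { Dir.mktmpdir(nil, tmpdir) {} }`. The chmod-based assertions presumably depend on POSIX permission bits, so a skip on platforms where `File::Stat#world_writable?` is not meaningful may be needed.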