* lib/tmpdir.rb (Dir.tmpdir): should not use world-writable but

non-sticky directory. * lib/tmpdir.rb (Dir.mktmpdir): check the parent directory. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34979 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2012-03-11 22:19:06 +0000
committer: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2012-03-11 22:19:06 +0000
commit: bcb9e567c422f535b4871ce2795179af808d0077 (patch)
tree: cac8a46f3b0013e512360a4e89841c6b5a9a2726 /lib/tmpdir.rb
parent: 42437780d62e5ddaf0c7bb5ec320f85970b0ee42 (diff)
download: ruby-bcb9e567c422f535b4871ce2795179af808d0077.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb
index d7f68272e8..0791c38746 100644
--- a/lib/tmpdir.rb
+++ b/lib/tmpdir.rb
@@ -23,7 +23,8 @@ class Dir
       tmp = @@systmpdir
     else
       for dir in [ENV['TMPDIR'], ENV['TMP'], ENV['TEMP'], @@systmpdir, '/tmp']
-        if dir and stat = File.stat(dir) and stat.directory? and stat.writable?
+        if dir and stat = File.stat(dir) and stat.directory? and stat.writable? and
+            (!stat.world_writable? or stat.sticky?)
           tmp = dir
           break
         end rescue nil
@@ -82,7 +83,11 @@ class Dir
       begin
         yield path
       ensure
-        FileUtils.remove_entry_secure path
+        stat = File.stat(File.dirname(path))
+        if stat.world_writable? and !stat.sticky?
+          raise ArgumentError, "parent directory is world writable but not sticky"
+        end
+        FileUtils.remove_entry path
       end
     else
       path
author	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2012-03-11 22:19:06 +0000
committer	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2012-03-11 22:19:06 +0000
commit	bcb9e567c422f535b4871ce2795179af808d0077 (patch)
tree	cac8a46f3b0013e512360a4e89841c6b5a9a2726 /lib/tmpdir.rb
parent	42437780d62e5ddaf0c7bb5ec320f85970b0ee42 (diff)
download	ruby-bcb9e567c422f535b4871ce2795179af808d0077.tar.gz