diff options
author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-03-11 22:19:06 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-03-11 22:19:06 +0000 |
commit | bcb9e567c422f535b4871ce2795179af808d0077 (patch) | |
tree | cac8a46f3b0013e512360a4e89841c6b5a9a2726 /lib | |
parent | 42437780d62e5ddaf0c7bb5ec320f85970b0ee42 (diff) | |
download | ruby-bcb9e567c422f535b4871ce2795179af808d0077.tar.gz |
* lib/tmpdir.rb (Dir.tmpdir): should not use world-writable but
non-sticky directory.
* lib/tmpdir.rb (Dir.mktmpdir): check the parent directory.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34979 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r-- | lib/tmpdir.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb index d7f68272e8..0791c38746 100644 --- a/lib/tmpdir.rb +++ b/lib/tmpdir.rb @@ -23,7 +23,8 @@ class Dir tmp = @@systmpdir else for dir in [ENV['TMPDIR'], ENV['TMP'], ENV['TEMP'], @@systmpdir, '/tmp'] - if dir and stat = File.stat(dir) and stat.directory? and stat.writable? + if dir and stat = File.stat(dir) and stat.directory? and stat.writable? and + (!stat.world_writable? or stat.sticky?) tmp = dir break end rescue nil @@ -82,7 +83,11 @@ class Dir begin yield path ensure - FileUtils.remove_entry_secure path + stat = File.stat(File.dirname(path)) + if stat.world_writable? and !stat.sticky? + raise ArgumentError, "parent directory is world writable but not sticky" + end + FileUtils.remove_entry path end else path |