Autrijus wrote:

> However, if this hack no longer works now, I'd be happy to rescind it.
> Is the patch an Ubuntu-specific change, or is it due to a new version
> of PathTools?

It's in the latest Debian and Ubuntu packages; here's the corresponding
changelog entry:

  * SECURITY [CAN-2005-0448]: rewrite File::Path::rmtree to avoid race
    condition which allows an attacker with write permission on
    directories in the tree being removed to make files setuid or to
    remove arbitrary files (closes: #286905, #286922).  Supersedes
    the previous patch for CAN-2004-0452.

However, neither Perl 5.9.2 nor Fedora seems to have picked it up.

Cheers, Roderich
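
An added example, not File::Path's code and not part of the message above: one way to guard a recursive removal against the kind of race the changelog entry describes, by comparing device and inode numbers across chdir() so that a directory swapped for a symlink mid-removal is detected. safe_rmtree() is a hypothetical name and the sample tree is constructed; the code assumes a platform with fchdir(2) and never calls chmod.

```perl
#!/usr/bin/perl
# Added illustration; safe_rmtree() is a hypothetical name, not File::Path code.
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# Remove $name (relative to the current directory) without following symlinks.
sub safe_rmtree {
    my ($name) = @_;
    my @before = lstat($name) or return 0;      # lstat() never follows a symlink
    return unlink($name) ? 1 : 0 unless -d _;   # file or symlink: drop the entry itself
    opendir(my $parent, '.') or return 0;       # handle used to come back via fchdir(2)
    chdir($name) or return 0;
    # If the entry was swapped for a symlink after the lstat(), "." is now some
    # other directory and its device/inode pair will not match.
    my @after = stat('.');
    my $ok = @after && $after[0] == $before[0] && $after[1] == $before[1];
    if ($ok && opendir(my $dh, '.')) {
        my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dh);
        closedir($dh);
        for my $entry (@entries) { $ok = 0 unless safe_rmtree($entry) }
    } else {
        $ok = 0;                                # mismatch or unreadable: delete nothing here
    }
    chdir($parent) or die "cannot return to parent directory: $!";
    closedir($parent);
    return ($ok && rmdir($name)) ? 1 : 0;       # rmdir() fails on a symlink
}

# Constructed sample tree: victim/ holds a symlink to a directory outside it.
my $start = getcwd();
my $base  = tempdir(CLEANUP => 1);
mkdir "$base/$_" or die $! for qw(outside victim victim/sub);
for my $file (qw(outside/keep.txt victim/sub/a.txt)) {
    open(my $fh, '>', "$base/$file") or die $!;
    close($fh);
}
symlink("$base/outside", "$base/victim/link") or die $!;

chdir($base) or die $!;
my $removed = safe_rmtree('victim');
printf "victim removed: %s\n", ($removed && !-e 'victim') ? 'yes' : 'no';
printf "outside/keep.txt intact: %s\n", (-e 'outside/keep.txt') ? 'yes' : 'no';
chdir($start) or die $!;
```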
