"Schupp Roderich (extern) Com MD PD SWP 2 CM MCH" wrote in perl.par :
>
> It's in the latest Debian and Ubuntu packages, here's the corresponding
> changelog entry:
>
> * SECURITY [CAN-2005-0448]: rewrite File::Path::rmtree to avoid race
> condition which allows an attacker with write permission on
> directories in the tree being removed to make files setuid or to
> remove arbitrary files (closes: #286905, #286922). Supersedes
> the previous patch for CAN-2004-0452.
>
> However, neither Perl 5.9.2, nor Fedora seem to have picked it up.
Yes. I'm aware of this patch, and it has portability problems. I was
planning to look at it and adapt it after the 5.9.2 release. Quoting
Brendan O'Dea :
NOTE: while this patch should work on any POSIX system, I made no
attempt to handle the VMS or MacOS special cases that were in the
original. Assistance is required to deal with those cases.
--
Only what happens every three hundred nights is true.
-- Borges
