Hi
A CVE id was assigned for this issue, please use this for future references.
Name: CVE-2008-2827
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2827
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319
Reference: MISC:http://rt.cpan.org/Public/
tag 487319 pending
thanks
On Sat, Jun 21, 2008 at 10:07:30AM +0300, Niko Tyni wrote:
>
> > touch foo # permissions 0666 & ~umask
> > ln -s foo bar
> > perl -e 'use File::Path rmtree; rmtree bar'
> > ls -l foo # permissions 0777
> I just forwarded this to [rt.cpan.org #36982] and sent a notice
tag 487319 confirmed
forwarded 487319 http://rt.cpan.org/Public/Bug/Display.html?id=36982
retitle 487319 perl-modules: File::Path::rmtree sets symlink target permissions
to 0777
thanks
On Sat, Jun 21, 2008 at 02:47:14AM +0100, Ben Hutchings wrote:
> touch foo # permissions 0666 & ~umask
> ln -s
A simple test case for this bug is:
touch foo # permissions 0666 & ~umask
ln -s foo bar
perl -e 'use File::Path rmtree; rmtree bar'
ls -l foo # permissions 0777
The following patch fixes that and the originally reported problem. I
believe the other chmod() calls in the _rmtree subroutine will
What seems to have happened is that this code in lib/File/Path.pm in
Perl 5.8.8:
chmod $rp | 0600, $root
or carp "Can't make file $root writeable: $!"
if $force_writeable;
was rewritten for 5.10 as:
my $nperm = $perm & 0 | 0600;
5 matches
Mail list logo