Bug#487319: perl-modules: File::Path::rmtree safe is not really safe

2008-06-23 Thread Steffen Joeris
Hi

A CVE id was assigned for this issue, please use this for future references.

Name: CVE-2008-2827
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2827
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319
Reference:

Bug#487319: perl-modules: File::Path::rmtree safe is not really safe

2008-06-21 Thread Niko Tyni
tag 487319 confirmed
forwarded 487319 http://rt.cpan.org/Public/Bug/Display.html?id=36982
retitle 487319 perl-modules: File::Path::rmtree sets symlink target permissions to 0777
thanks

On Sat, Jun 21, 2008 at 02:47:14AM +0100, Ben Hutchings wrote:

    touch foo # permissions 0666 & ~umask
    ln -s

Processed: Re: Bug#487319: perl-modules: File::Path::rmtree safe is not really safe

2008-06-21 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

tag 487319 confirmed
Bug#487319: perl-modules: File::Path::rmtree safe is not really safe
Tags were: patch security
Tags added: confirmed

forwarded 487319 http://rt.cpan.org/Public/Bug/Display.html?id=36982
Bug#487319: perl-modules: File::Path::rmtree

Bug#487319: perl-modules: File::Path::rmtree safe is not really safe

2008-06-21 Thread Niko Tyni
tag 487319 pending
thanks

On Sat, Jun 21, 2008 at 10:07:30AM +0300, Niko Tyni wrote:

    touch foo # permissions 0666 & ~umask
    ln -s foo bar
    perl -e 'use File::Path rmtree; rmtree bar'
    ls -l foo # permissions 0777

I just forwarded this to [rt.cpan.org #36982] and sent a notice to the

Bug#487319: perl-modules: File::Path::rmtree safe is not really safe

2008-06-20 Thread Ben Hutchings
What seems to have happened is that this code in lib/File/Path.pm in Perl 5.8.8:

    chmod $rp | 0600, $root
      or carp "Can't make file $root writeable: $!"
        if $force_writeable;

was rewritten for 5.10 as:

    my $nperm = $perm 0 | 0600;

Bug#487319: perl-modules: File::Path::rmtree safe is not really safe

2008-06-20 Thread Ben Hutchings
A simple test case for this bug is:

    touch foo # permissions 0666 & ~umask
    ln -s foo bar
    perl -e 'use File::Path rmtree; rmtree bar'
    ls -l foo # permissions 0777

The following patch fixes that and the originally reported problem. I believe the other chmod() calls in the _rmtree subroutine will