September 11 2017
File::Path Security
commit d7027a777ff3886da41835c55a59039de4a31d95
Author: David Landgren <david@landgren.net>
AuthorDate: Sat Sep 29 06:29:32 2007
Commit: Michael G. Schwern <schwern@pobox.com>
CommitDate: Fri Dec 11 16:37:15 2009
import File-Path 2.01 from CPAN
There were race conditions in the 1.x implementations of File::Path's
rmtree() function (although these were sometimes patched, depending on
the OS distribution or platform). The 2.0 version contains code to avoid
the problem mentioned in CVE-2002-0435.
See the following pages for more information:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905
http://www.nntp.perl.org/group/perl.perl5.porters/2005/01/msg97623.html
http://www.debian.org/security/2005/dsa-696
Additionally, unless the safe parameter is set (or the
third parameter in the traditional interface is TRUE), should a
remove_tree() be interrupted, files that were originally in read-only
mode may now have their permissions set to a read-write (or "delete
OK") mode.
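
The following is an added example, not code from the File::Path distribution or from this slide. It exercises the safe option described above through the 2.x remove_tree() interface and then checks that the read-only file kept its original mode. The scratch tree and file names are constructed, and it assumes a Unix-like system and a non-root user (root passes the writability test, so nothing would be skipped).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Path qw(make_path remove_tree);
use File::Temp qw(tempdir);

# Constructed sample tree: one read-only file under a scratch directory.
my $base = tempdir(CLEANUP => 0);
my $tree = "$base/tree";
my $file = "$tree/sub/readonly.txt";
make_path("$tree/sub");
open my $fh, '>', $file or die "create $file: $!";
print {$fh} "constructed sample data\n";
close $fh or die "close $file: $!";
chmod 0444, $file or die "chmod $file: $!";

# Return the permission bits of a path, or nothing if it no longer exists.
sub mode_of {
    my ($path) = @_;
    my @st = lstat $path or return;
    return $st[2] & 07777;
}

# safe => 1: remove_tree makes no attempt to alter permissions, so an
# interrupted run cannot leave anything in a more permissive mode; entries
# the process cannot write to are skipped instead.
# error => \my $err collects diagnostics instead of carping them.
remove_tree($tree, { safe => 1, error => \my $err });

# Each diagnostic is a one-pair hash: path => message ('' = general error).
for my $diag (@$err) {
    my ($path, $message) = %$diag;
    print $path eq '' ? "general error: $message\n" : "$path: $message\n";
}

# Verify the outcome rather than assuming it.
if (defined(my $mode = mode_of($file))) {
    printf "%s kept, mode %04o\n", $file, $mode;
} else {
    print "$file was removed\n";
}

# Explicit cleanup of the scratch directory now that the check is done.
chmod 0644, $file if -e $file;
remove_tree($base);
```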