| September 11 2017 | File::Path Security |
A patch went into Perl 5.4
But a caution was added to the documentation:
NOTE: If the third parameter is not TRUE, rmtree() is *unsecure*
in the face of failure or interruption. Files and directories which
were not deleted may be left with permissions reset to allow world
read and write access. Note also that the occurrence of errors in
rmtree can be determined *only* by trapping diagnostic messages
using $SIG{__WARN__}; it is not apparent from the return value.
Therefore, you must be extremely careful about using rmtree($foo,$bar,0)
in situations where security is an issue.
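One way to act on that caution, as an added example that is not part of the original slides: call rmtree() with the third parameter TRUE, trap its diagnostics with $SIG{__WARN__}, and audit anything left behind for world-writable permissions. The helper name rmtree_checked and the temporary tree are assumptions made for illustration.

```perl
use strict;
use warnings;
use File::Path qw(mkpath rmtree);
use File::Find qw(find);
use File::Temp qw(tempdir);

# Hypothetical helper (not part of File::Path): remove a tree with the
# third parameter TRUE, collect diagnostics, and audit what survived.
sub rmtree_checked {
    my ($root) = @_;
    my (@diagnostics, $removed);
    {
        # Errors surface only as warnings, never in the return value.
        local $SIG{__WARN__} = sub { push @diagnostics, $_[0] };
        $removed = rmtree($root, 0, 1);    # (path, verbose, safe)
    }
    my $leftover = (-e $root || -l $root) ? 1 : 0;
    my @world_writable;
    if ($leftover) {
        find({ no_chdir => 1, wanted => sub {
            my @st = lstat $File::Find::name or return;
            return if -l _;                # symlink modes carry no meaning
            push @world_writable, $File::Find::name if $st[2] & 0002;
        } }, $root);
    }
    return {
        removed        => $removed,
        diagnostics    => \@diagnostics,
        leftover       => $leftover,
        world_writable => \@world_writable,
    };
}

# Constructed sample tree in a private temporary directory.
my $base = tempdir(CLEANUP => 1);
my $tree = "$base/work";
mkpath("$tree/a/b");
open my $fh, '>', "$tree/a/b/file.txt" or die "open: $!";
close $fh;

my $r = rmtree_checked($tree);
printf "removed=%d leftover=%d diagnostics=%d world_writable=%d\n",
    $r->{removed}, $r->{leftover},
    scalar @{ $r->{diagnostics} }, scalar @{ $r->{world_writable} };
print "diagnostic: $_" for @{ $r->{diagnostics} };
print "world-writable leftover: $_\n" for @{ $r->{world_writable} };
```

Treat any trapped diagnostic or any leftover path as a failed removal, regardless of the count rmtree() returned.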
| Copyright © 2017 James E Keenan |