| September 11 2017 | File::Path Security | Back Next |
I spent first half of August 2017 assessing impact of this change
Wrote programs which grepped all of CPAN to identify cases where:
Within the scope of a tempdir() call ...
... user was creating or modifying subdirectories to lack both read and execute permissions
Permissions like 0000 or 0200
In all of CPAN I found only 6 such files -- almost all test files
I created patches or pull requests for all of them -- mostly as simple as:
chmod 0755, $somedir
... before the tempdir() call went out of scope
Filed a bug report for File::Temp: https://rt.cpan.org/Ticket/Display.html?id=122820
| Home Last TOC | Copyright © 2017 James E Keenan | Back Next |