September 11 2017 | File::Path Security
In Unix (and other) filesystems, the gap between Time of Check and Time of Use is vulnerable to race conditions
In 1997, File::Path::rmtree() was "improved" in ways that made it more vulnerable to TOCTTOU conditions
A new vulnerability was reported earlier this year and patched
In a few cases that patch will affect existing use of rmtree(), directly or via tempdir()
Those cases can be worked around relatively easily
Copyright © 2017 James E Keenan