kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

merge revision(s) 66909: [Backport #15555]

Browse source 
tmpdir.rb: permission of user given directory

	* lib/tmpdir.rb (Dir.mktmpdir): check if the permission of the
	  parent directory only when using the default temporary
	  directory, and no check against user given directory.  the
	  security is the user's responsibility in that case.
	  [ruby-core:91216] [Bug #15555]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@66941 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
naruse 2019-01-29 09:19:52 +00:00
parent fbad5b97e8
commit fdca654c55
3 changed files with 19 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
lib/tmpdir.rb
View file

@ -83,15 +83,21 @@ class Dir
# end # end
# #
def self.mktmpdir(prefix_suffix=nil, *rest) def self.mktmpdir(prefix_suffix=nil, *rest)
path = Tmpname.create(prefix_suffix || "d", *rest) {|n| mkdir(n, 0700)} base = nil
path = Tmpname.create(prefix_suffix || "d", *rest) {|path, _, _, d|
base = d
mkdir(path, 0700)
}
if block_given? if block_given?
begin begin
yield path yield path
ensure ensure
unless base
stat = File.stat(File.dirname(path)) stat = File.stat(File.dirname(path))
if stat.world_writable? and !stat.sticky? if stat.world_writable? and !stat.sticky?
raise ArgumentError, "parent directory is world writable but not sticky" raise ArgumentError, "parent directory is world writable but not sticky"
end end
end
FileUtils.remove_entry path FileUtils.remove_entry path
end end
else else
@ -110,6 +116,7 @@ class Dir
if $SAFE > 0 and tmpdir.tainted? if $SAFE > 0 and tmpdir.tainted?
tmpdir = '/tmp' tmpdir = '/tmp'
else else
origdir = tmpdir
tmpdir ||= tmpdir() tmpdir ||= tmpdir()
end end
n = nil n = nil
@ -125,7 +132,7 @@ class Dir
path = "#{prefix}#{t}-#{$$}-#{rand(0x100000000).to_s(36)}"\ path = "#{prefix}#{t}-#{$$}-#{rand(0x100000000).to_s(36)}"\
"#{n ? %[-#{n}] : ''}#{suffix||''}" "#{n ? %[-#{n}] : ''}#{suffix||''}"
path = File.join(tmpdir, path) path = File.join(tmpdir, path)
yield(path, n, opts) yield(path, n, opts, origdir)
rescue Errno::EEXIST rescue Errno::EEXIST
n ||= 0 n ||= 0
n += 1 n += 1

6
test/test_tmpdir.rb
View file

@ -33,6 +33,12 @@ class TestTmpdir < Test::Unit::TestCase
assert_equal(tmpdir, Dir.tmpdir) assert_equal(tmpdir, Dir.tmpdir)
File.chmod(0777, tmpdir) File.chmod(0777, tmpdir)
assert_not_equal(tmpdir, Dir.tmpdir) assert_not_equal(tmpdir, Dir.tmpdir)
newdir = Dir.mktmpdir("d", tmpdir) do |dir|
assert_file.directory? dir
assert_equal(tmpdir, File.dirname(dir))
dir
end
assert_file.not_exist?(newdir)
File.chmod(01777, tmpdir) File.chmod(01777, tmpdir)
assert_equal(tmpdir, Dir.tmpdir) assert_equal(tmpdir, Dir.tmpdir)
ensure ensure

2
version.h
View file

@ -1,6 +1,6 @@
#define RUBY_VERSION "2.6.1" #define RUBY_VERSION "2.6.1"
#define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
#define RUBY_PATCHLEVEL 31 #define RUBY_PATCHLEVEL 32
#define RUBY_RELEASE_YEAR 2019 #define RUBY_RELEASE_YEAR 2019
#define RUBY_RELEASE_MONTH 1 #define RUBY_RELEASE_MONTH 1