From @schwern

perl -MFile​::Path -Twle 'rmtree("foo")'
Insecure dependency in chmod while running with -T switch at /usr/local/perl5.005_61/lib/File/Path.pm line 168.

The problem lies in how it creates the list of files to recurse down​:

  my $d = DirHandle->new($root)
  or carp "Can't read $root​: $!";
  @​files = $d->read;
  $d->close;

  # Deleting large numbers of files from VMS Files-11 filesystems
  # is faster if done in reverse ASCIIbetical order
  @​files = reverse @​files if $Is_VMS;
  ($root = VMS​::Filespec​::unixify($root)) =~ s#\.dir$## if $Is_VMS;
  @​files = map("$root/$_", grep $_!~/^\.{1,2}$/,@​files);
  $count += rmtree(\@​files,$verbose,$safe);

@​files is tainted, since it is a list of files read from a Dirhandle.
So we can simply detaint @​files, but I'm loathe to be the one to do
that not having really examined the security issues therin.

--

Michael G Schwern schwern@​pobox.com
  http​://www.pobox.com/~schwern
  /(?​:(?​:(1)[.-]?)?\(?(\d{3})\)?[.-]?)?(\d{3})[.-]?(\d{4})(x\d+)?/i