You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
perl -MFile::Path -Twle 'rmtree("foo")'
Insecure dependency in chmod while running with -T switch at /usr/local/perl5.005_61/lib/File/Path.pm line 168.
The problem lies in how it creates the list of files to recurse down:
my $d = DirHandle->new($root)
or carp "Can't read $root: $!";
@files = $d->read;
$d->close;
# Deleting large numbers of files from VMS Files-11 filesystems
# is faster if done in reverse ASCIIbetical order
@files = reverse @files if $Is_VMS;
($root = VMS::Filespec::unixify($root)) =~ s#\.dir$## if $Is_VMS;
@files = map("$root/$_", grep $_!~/^\.{1,2}$/,@files);
$count += rmtree(\@files,$verbose,$safe);
@files is tainted, since it is a list of files read from a Dirhandle.
So we can simply detaint @files, but I'm loathe to be the one to do
that not having really examined the security issues therin.
--
Michael G Schwern schwern@pobox.com
http://www.pobox.com/~schwern
/(?:(?:(1)[.-]?)?\(?(\d{3})\)?[.-]?)?(\d{3})[.-]?(\d{4})(x\d+)?/i
Migrated from rt.perl.org#1518 (status was 'resolved')
Searchable as RT1518$
The text was updated successfully, but these errors were encountered: