Misc #18082
open
FileUtils.remove_entry_secure has inconsistent document
Description
FileUtils.remove_entry_secure and FileUtils.rm_r have inconsistency about the vulnerability condition the in the documentations.
remove_entry_secure document:
https://github.com/ruby/ruby/blob/6a9bfa4d9387b9d8f07f43f4546437be57f9e27c/lib/fileutils.rb#L660-L664
#rm_r causes security hole when:
- Parent directory is world writable (including /tmp).
- Removing directory tree includes world writable directory.
- The system has symbolic link.
rm_r document:
https://github.com/ruby/ruby/blob/6a9bfa4d9387b9d8f07f43f4546437be57f9e27c/lib/fileutils.rb#L614-L618
WARNING: This method causes local vulnerability
if one of parent directories or removing directory tree are world
writable (including /tmp, whose permission is 1777), and the current
process has strong privilege such as Unix super user (root), and the
system has symbolic link.
The differences are following.
-
rm_rdescribes about strong privilege, butremove_entry_securedoesn't. -
rm_rdescribes "one of parent directories OR removing directory tree are world writable", but the conditions are just listed inremove_entry_securedoc, it seems AND condition.
I couldn't understand the prerequisites of the vulnerability from the documents.
I think both documents should describe the same prerequisites.
I don't know what is the right prerequisites, so I didn't make a patch.
No data to display