查看网站首页
查看网站首页
查看 sitemap.xml
✏️ 正在编辑: remove_entry_secure-i.yaml
路径:
/opt/alt/ruby18/share/ri/1.8/system/FileUtils/remove_entry_secure-i.yaml
提示:
您可以编辑任何文件(包括二进制文件),但请注意不当修改可能导致文件损坏。
--- !ruby/object:RI::MethodDescription aliases: [] block_params: comment: - !ruby/struct:SM::Flow::P body: "This method removes a file system entry <tt>path</tt>. <tt>path</tt> shall be a regular file, a directory, or something. If <tt>path</tt> is a directory, remove it recursively. This method is required to avoid TOCTTOU (time-of-check-to-time-of-use) local security vulnerability of #rm_r. #rm_r causes security hole when:" - !ruby/struct:SM::Flow::VERB body: " * Parent directory is world writable (including /tmp).\n * Removing directory tree includes world writable directory.\n * The system has symbolic link.\n" - !ruby/struct:SM::Flow::P body: To avoid this security hole, this method applies special preprocess. If <tt>path</tt> is a directory, this method chown(2) and chmod(2) all removing directories. This requires the current process is the owner of the removing whole directory tree, or is the super user (root). - !ruby/struct:SM::Flow::P body: "WARNING: You must ensure that <b>ALL</b> parent directories cannot be moved by other untrusted users. For example, parent directories should not be owned by untrusted users, and should not be world writable except when the sticky bit set." - !ruby/struct:SM::Flow::P body: "WARNING: Only the owner of the removing directory tree, or Unix super user (root) should invoke this method. Otherwise this method does not work." - !ruby/struct:SM::Flow::P body: "For details of this security vulnerability, see Perl's case:" - !ruby/struct:SM::Flow::VERB body: " http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0448\n http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452\n" - !ruby/struct:SM::Flow::P body: For fileutils.rb, this vulnerability is reported in [ruby-dev:26100]. full_name: FileUtils#remove_entry_secure is_singleton: false name: remove_entry_secure params: (path, force = false) visibility: public
💾 保存文件
← 返回文件管理器