FileUtils.remove_entry_secure has inconsistent document
FileUtils.rm_r has an inconsistency about the vulnerability condition in the documentation.
#rm_r causes security hole when:
- Parent directory is world writable (including /tmp).
- Removing directory tree includes world writable directory.
- The system has symbolic link.
WARNING: This method causes local vulnerability
if one of parent directories or removing directory tree are world
writable (including /tmp, whose permission is 1777), and the current
process has strong privilege such as Unix super user (root), and the
system has symbolic link.
The differences are the following.
rm_r describes strong privilege, but
rm_r describes "one of parent directories OR removing directory tree are world writable", but the conditions are just listed in the
remove_entry_secure doc, so it seems to be an AND condition.
I couldn't understand the prerequisites of the vulnerability from the documents.
I think both documents should describe the same prerequisites.
I don't know what the right prerequisites are, so I didn't make a patch.
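The following Ruby script is an added example, not part of the issue report and not code from the FileUtils library. It takes the three preconditions listed in the rm_r documentation quoted above (a world writable parent or in-tree directory, a privileged process, and symbolic link support) and turns them into a check that decides whether plain rm_r is acceptable or remove_entry_secure should be used instead. The helper names (world_writable_ancestor?, world_writable_in_tree?, rm_r_risky?, remove_tree, demo) and the sample directory layout are assumptions made for this example; the euid and symlinks keyword arguments exist only so the decision can be exercised without actually running as root.

```ruby
require 'fileutils'
require 'tmpdir'
require 'find'

# Added example (not from the issue or from FileUtils): evaluate the
# preconditions the rm_r documentation lists for its symlink race, and
# pick remove_entry_secure when they hold.
#
# The rm_r doc says the hole exists when ALL of these are true:
#   1. a parent directory, or a directory inside the tree, is world writable
#      (/tmp with mode 1777 counts),
#   2. the process has strong privilege (e.g. root),
#   3. the system supports symbolic links.

# True when any directory from path's parent up to the filesystem root is
# world writable. The sticky bit does not remove the documented risk, so
# it is deliberately not special-cased here.
def world_writable_ancestor?(path)
  dir = File.expand_path(File.dirname(path))
  loop do
    return true if File.lstat(dir).world_writable?
    parent = File.dirname(dir)
    return false if parent == dir # reached the filesystem root
    dir = parent
  end
rescue Errno::ENOENT
  false
end

# True when a world writable directory exists anywhere inside the tree.
# Find.find uses lstat, so symlinks inside the tree are not followed.
def world_writable_in_tree?(root)
  return false unless File.directory?(root)
  Find.find(root).any? do |p|
    st = File.lstat(p)
    st.directory? && st.world_writable?
  end
end

# Combine the three documented conditions. euid and symlinks are injectable
# so the logic can be demonstrated without running as root.
def rm_r_risky?(path, euid: Process.euid, symlinks: true)
  symlinks && euid.zero? &&
    (world_writable_ancestor?(path) || world_writable_in_tree?(path))
end

# Remove a tree, choosing the API by the documented preconditions.
# Returns which FileUtils method was used.
def remove_tree(path, euid: Process.euid)
  if rm_r_risky?(path, euid: euid)
    FileUtils.remove_entry_secure(path)
    :remove_entry_secure
  else
    FileUtils.rm_r(path)
    :rm_r
  end
end

# Constructed sample layout: two small trees under a private temp dir, one
# of them containing a world writable subdirectory (the documented hazard).
def demo
  Dir.mktmpdir('rm_r_demo') do |tmp|
    risky = File.join(tmp, 'risky')
    clean = File.join(tmp, 'clean')
    [risky, clean].each do |t|
      FileUtils.mkdir_p(File.join(t, 'sub'))
      File.chmod(0o755, t, File.join(t, 'sub')) # explicit, independent of umask
      File.write(File.join(t, 'sub', 'data.txt'), 'constructed sample')
    end
    File.chmod(0o777, File.join(risky, 'sub')) # world writable dir inside the tree
    {
      ancestor_world_writable: world_writable_ancestor?(risky), # depends on TMPDIR
      risky_in_tree: world_writable_in_tree?(risky),
      clean_in_tree: world_writable_in_tree?(clean),
      risky_as_root: rm_r_risky?(risky, euid: 0),
      risky_unprivileged: rm_r_risky?(risky, euid: 1000),
      risky_no_symlinks: rm_r_risky?(risky, euid: 0, symlinks: false),
      removed_with: remove_tree(risky, euid: 0),
      gone: !File.exist?(risky)
    }
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

One caveat worth knowing when routing to remove_entry_secure: if the immediate parent of the directory being removed is world writable but lacks the sticky bit, remove_entry_secure raises ArgumentError rather than proceeding, because it cannot protect the tree root in that layout. In the demo the parent is the 0700 directory created by Dir.mktmpdir, so the secure path succeeds.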