From: "pocke (Masataka Kuwabara)" Date: 2021-08-17T16:26:38+00:00 Subject: [ruby-core:104956] [Ruby master Misc#18082] FileUtils.remove_entry_secure has inconsistent document Issue #18082 has been reported by pocke (Masataka Kuwabara). ---------------------------------------- Misc #18082: FileUtils.remove_entry_secure has inconsistent document https://bugs.ruby-lang.org/issues/18082 * Author: pocke (Masataka Kuwabara) * Status: Open * Priority: Normal ---------------------------------------- `FileUtils.remove_entry_secure` and `FileUtils.rm_r` have inconsistency about the vulnerability condition the in the documentations. `remove_entry_secure` document: https://github.com/ruby/ruby/blob/6a9bfa4d9387b9d8f07f43f4546437be57f9e27c/lib/fileutils.rb#L660-L664 > #rm_r causes security hole when: > > * Parent directory is world writable (including /tmp). > * Removing directory tree includes world writable directory. > * The system has symbolic link. `rm_r` document: https://github.com/ruby/ruby/blob/6a9bfa4d9387b9d8f07f43f4546437be57f9e27c/lib/fileutils.rb#L614-L618 > WARNING: This method causes local vulnerability > if one of parent directories or removing directory tree are world > writable (including /tmp, whose permission is 1777), and the current > process has strong privilege such as Unix super user (root), and the > system has symbolic link. The differences are following. * `rm_r` describes about strong privilege, but `remove_entry_secure` doesn't. * `rm_r` describes "one of parent directories **OR** removing directory tree are world writable", but the conditions are just listed in `remove_entry_secure` doc, it seems **AND** condition. I couldn't understand the prerequisites of the vulnerability from the documents. I think both documents should describe the same prerequisites. I don't know what is the right prerequisites, so I didn't make a patch. -- https://bugs.ruby-lang.org/ Unsubscribe: