remove_entry_secure(path, force = false) public

This method removes the file system entry path. path may be a regular file, a directory, or another kind of file system entry. If path is a directory, it is removed recursively. This method exists to avoid the TOCTTOU (time-of-check-to-time-of-use) local security vulnerability of #rm_r. #rm_r opens a security hole when:

* The parent directory is world writable (this includes /tmp).
* The directory tree being removed contains a world-writable directory.
* The system supports symbolic links.

To close this hole, this method performs special preprocessing. If path is a directory, this method chown(2)s and chmod(2)s every directory that is about to be removed. This requires that the current process is the owner of the whole directory tree being removed, or is the super user (root).

WARNING: You must ensure that NONE of the parent directories is world writable. Otherwise this method does not work. The only exception is a temporary directory such as /tmp or /var/tmp, whose permission mode is 1777 (world writable with the sticky bit set).

WARNING: Only the owner of the directory tree being removed, or the Unix super user (root), should invoke this method. Otherwise this method does not work.

For details of this security vulnerability, see Perl’s case:


For fileutils.rb, this vulnerability is reported in [ruby-dev:26100].
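The two warnings above are preconditions the caller has to verify; the method itself only inspects the immediate parent. The following added example (not part of fileutils.rb) walks every ancestor of path, flags any that is world writable without the sticky bit, checks ownership, and only then calls FileUtils.remove_entry_secure. The helper names unsafe_parents, secure_remove and demo are assumptions, and the tree it removes is constructed inside a private temporary directory.

```ruby
require 'fileutils'
require 'tmpdir'

# Return every ancestor directory of +path+ that is world writable and lacks
# the sticky bit. A 1777 directory such as /tmp is the documented exception
# and is therefore not reported.
def unsafe_parents(path)
  dir = File.expand_path(File.dirname(path))
  unsafe = []
  loop do
    st = File.stat(dir)
    unsafe << dir if st.world_writable? && !st.sticky?
    parent = File.dirname(dir)
    break if parent == dir # reached the file system root
    dir = parent
  end
  unsafe
end

# Remove +path+ with remove_entry_secure, but only after the documented
# preconditions hold: no unsafe ancestor, and the tree root is owned by the
# current user (or we are root). Returns true when the entry is gone.
def secure_remove(path)
  bad = unsafe_parents(path)
  unless bad.empty?
    raise ArgumentError, "world-writable parent without sticky bit: #{bad.join(', ')}"
  end
  st = File.lstat(path) # lstat: do not follow a symlink planted at path
  unless Process.euid == 0 || st.uid == Process.euid
    raise ArgumentError, "#{path} is not owned by the current user"
  end
  FileUtils.remove_entry_secure(path)
  !File.exist?(path)
end

# Demonstration on a constructed directory tree (a/b/f.txt) inside a
# freshly created 0700 temporary directory.
def demo
  Dir.mktmpdir('secure_rm') do |base|
    tree = File.join(base, 'tree')
    FileUtils.mkdir_p(File.join(tree, 'a', 'b'))
    File.write(File.join(tree, 'a', 'b', 'f.txt'), 'constructed sample data')
    secure_remove(tree) # => true
  end
end

puts "removed: #{demo}" if $PROGRAM_NAME == __FILE__
```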
