Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix JRUBY-5524: FileUtils is vulnerable to symlink race attacks

This patch is imported from upstream temporarily. Here's a commit log of
CRuby's fix.

 * lib/fileutils.rb (FileUtils::remove_entry_secure): there is a
   race condition in the case where the given path is a directory,
   and some other user can move that directory, and create a
   symlink while this method is executing.
   Reported by: Nicholas Jefferson <nicholas at>
  • Loading branch information...
commit 4b564ddf93ed21ef36d7c26158bd50d646c4bf69 1 parent e56e8bc
Hiroshi Nakamura nahi authored
Showing with 9 additions and 4 deletions.
  1. +9 −4 lib/ruby/1.8/fileutils.rb
13 lib/ruby/1.8/fileutils.rb
@@ -657,10 +657,10 @@ def rm_rf(list, options = {})
# removing directories. This requires the current process is the
# owner of the removing whole directory tree, or is the super user (root).
- # WARNING: You must ensure that *ALL* parent directories are not
- # world writable. Otherwise this method does not work.
- # Only exception is temporary directory like /tmp and /var/tmp,
- # whose permission is 1777.
+ # WARNING: You must ensure that *ALL* parent directories cannot be
+ # moved by other untrusted users. For example, parent directories
+ # should not be owned by untrusted users, and should not be world
+ # writable except when the sticky bit set.
# WARNING: Only the owner of the removing directory tree, or Unix super
# user (root) should invoke this method. Otherwise this method does not
@@ -703,6 +703,11 @@ def remove_entry_secure(path, force = false)
f.chown euid, -1
f.chmod 0700
+ unless fu_stat_identical_entry?(st, File.lstat(fullpath))
+ # TOC-to-TOU attack?
+ File.unlink fullpath
+ return
+ end
# ---- tree root is frozen ----
root =
Please sign in to comment.
Something went wrong with that request. Please try again.