Message-ID: <email address hidden>
Date: Mon, 24 Jan 2005 22:31:21 +1100
From: Brendan O'Dea <email address hidden>
To: Aaron Sherman <email address hidden>
Cc: <email address hidden>, Paul Szabo <email address hidden>,
Perl5 Porters List <email address hidden>
Subject: Re: Bug#286905: perl-modules: File::Path::rmtree makes setuid
On Wed, Jan 12, 2005 at 05:02:41PM -0500, Aaron Sherman wrote:
>> [p5p:] If anyone had a cleaner (and cross-platform) fix, I'd love to
>> hear of it.
>
>Well, certainly relying on rm (and you assumed a "-v" option which,
>AFAIK implies GNU rm specifically) is right out. I'm sure others will
>say the same.

Sure, it was proposed as a quick hack for the Debian package, where it
is safe to assume /bin/rm is from GNU coreutils.

If it weren't for the requirement to retain the current API (returning
the number of deletions, and verbose output) then a thin wrapper around

    system 'rm', '-rf', @paths

would suffice for POSIX systems.

>Quick fix? Reduce the race by making any changes just before and just
>after an operation, not in preparation for a whole directory. Now you
>still have a problem, but a smaller one.

A race is a race, no matter how small the window.
--bod
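
An added example, not part of the original message and not File::Path's code or the patch discussed in the thread: one way to close the window instead of narrowing it is to walk the tree relative to open directory descriptors and never follow symlinks, while keeping the API mentioned above (deletion count, verbose output). The names rmtree_fd and demo and the sample tree are constructed for illustration; POSIX only.

```python
import os
import stat
import tempfile

def rmtree_fd(name, dir_fd=None, verbose=False):
    """Recursively delete `name`, resolved relative to `dir_fd`.
    Returns the number of deletions. Hypothetical helper; POSIX only.
    """
    st = os.lstat(name, dir_fd=dir_fd)  # lstat never follows a symlink
    if not stat.S_ISDIR(st.st_mode):
        os.unlink(name, dir_fd=dir_fd)  # removes the link itself, not its target
        if verbose:
            print("unlink", name)
        return 1
    # O_NOFOLLOW: the open fails if the entry became a symlink after lstat.
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    fd = os.open(name, flags, dir_fd=dir_fd)
    try:
        opened = os.fstat(fd)
        # Same device and inode as the entry we examined, or stop.
        if (opened.st_dev, opened.st_ino) != (st.st_dev, st.st_ino):
            raise OSError("directory was replaced during traversal: %r" % name)
        count = 0
        for entry in os.listdir(fd):  # list through the descriptor, not a path
            count += rmtree_fd(entry, dir_fd=fd, verbose=verbose)
    finally:
        os.close(fd)
    os.rmdir(name, dir_fd=dir_fd)
    if verbose:
        print("rmdir", name)
    return count + 1

def demo():
    """Constructed tree: top/{a.txt, sub/{b.txt, link -> file outside top}}."""
    with tempfile.TemporaryDirectory() as base:
        outside = os.path.join(base, "outside.txt")
        open(outside, "w").close()
        top = os.path.join(base, "top")
        os.makedirs(os.path.join(top, "sub"))
        open(os.path.join(top, "a.txt"), "w").close()
        open(os.path.join(top, "sub", "b.txt"), "w").close()
        os.symlink(outside, os.path.join(top, "sub", "link"))
        count = rmtree_fd(top)
        return count, os.path.exists(outside), os.path.exists(top)

if __name__ == "__main__":
    print(demo())
```

The starting path is still resolved by name, so a caller working under an untrusted parent directory should pass a `dir_fd` it already holds for that parent.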