Comment 7 for bug 11407

In , Rafael Garcia-Suarez (rgarciasuarez) wrote : Re: Bug#286905: perl-modules: File::Path::rmtree makes setuid

How does this relate to the Debian patch 22_fix_file_path
for CAN-2004-0452, which I'm pasting below?

That said, an implementation of rmtree() that uses /bin/rm
isn't suitable for inclusion in perl itself.

http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8.diff.gz
[Adapted from Chip Turner's 5.8.0 patch]
Fix for CAN-2004-0452. Change chmod's to make files writable/executable
by the current user only and not by the entire world. chmod's necessary
in the first place but at least this makes them less dangerous. If, for
some reason the rm process dies halfway through, at worst some files and
dirs were revoked from others, not made available.

--- lib/File/Path.pm 2001-03-21 04:40:22.000000000 +1100
+++ lib/File/Path.pm 2004-12-22 23:46:54.000000000 +1100
@@ -174,7 +174,7 @@
            # it's also intended to change it to writable in case we have
            # to recurse in which case we are better than rm -rf for
            # subtrees with strange permissions
- chmod(0777, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
+ chmod(0700, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
              or carp "Can't make directory $root read+writeable: $!"
                unless $safe;

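Review bot: the chmod(0700, ...) in this hunk still addresses $root by name, so narrowing the mode does not close the window between this call and the recursion the comment above it describes; if the entry is replaced in that window, the 0700 lands on whatever the name then refers to. Consider an lstat on $root immediately before the chmod, skipping the chmod unless the entry is still a directory, and state in the patch description that this change only narrows the mode being granted. The carp text also still says "read+writeable" although 0700 grants search permission as well.
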
@@ -202,7 +202,7 @@
                print "skipped $root\n" if $verbose;
                next;
            }
- chmod 0777, $root
+ chmod 0700, $root
              or carp "Can't make directory $root writeable: $!"
                if $force_writeable;
            print "rmdir $root\n" if $verbose;
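
Review bot: nothing after "chmod 0700, $root" in this hunk puts the original mode back if the rmdir that follows fails, so a directory that survives the call is left at 0700. Suggest saving the mode with lstat before the chmod and restoring it when rmdir returns false, so a failed removal leaves the tree as it was found.
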
@@ -224,7 +224,7 @@
                print "skipped $root\n" if $verbose;
                next;
            }
- chmod 0666, $root
+ chmod 0600, $root
              or carp "Can't make file $root writeable: $!"
                if $force_writeable;
            print "unlink $root\n" if $verbose;
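
Review bot: "chmod 0600, $root" follows symbolic links, and the visible context does not show $root being tested with -l before this branch; if $root is a symlink, the mode of its target is changed to 0600 while the unlink removes only the link. Suggest guarding the chmod with "unless -l $root", or adding a comment that confirms symlinks never reach this point.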