* lib/tmpdir.rb (Dir.tmpdir): should not use world-writable but

non-sticky directory.
* lib/tmpdir.rb (Dir.mktmpdir): check the parent directory.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34979 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,10 @@
+Mon Mar 12 07:19:03 2012  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* lib/tmpdir.rb (Dir.tmpdir): should not use world-writable but
+	  non-sticky directory.
+
+	* lib/tmpdir.rb (Dir.mktmpdir): check the parent directory.
+
 Mon Mar 12 07:04:11 2012  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* random.c (Init_Random): removed rb_Random_DEFAULT and register as

lib/tmpdir.rb

@@ -23,7 +23,8 @@ class Dir
       tmp = @@systmpdir
     else
       for dir in [ENV['TMPDIR'], ENV['TMP'], ENV['TEMP'], @@systmpdir, '/tmp']
-        if dir and stat = File.stat(dir) and stat.directory? and stat.writable?
+        if dir and stat = File.stat(dir) and stat.directory? and stat.writable? and
+            (!stat.world_writable? or stat.sticky?)
           tmp = dir
           break
         end rescue nil
@@ -82,7 +83,11 @@ class Dir
       begin
         yield path
       ensure
-        FileUtils.remove_entry_secure path
+        stat = File.stat(File.dirname(path))
+        if stat.world_writable? and !stat.sticky?
+          raise ArgumentError, "parent directory is world writable but not sticky"
+        end
+        FileUtils.remove_entry path
       end
     else
       path

test/test_tmpdir.rb

@@ -0,0 +1,20 @@
+require 'test/unit'
+require 'tmpdir'
+
+class TestTmpdir < Test::Unit::TestCase
+  def test_world_writable
+    Dir.mktmpdir do |tmpdir|
+      # ToDo: fix for parallel test
+      olddir, ENV["TMPDIR"] = ENV["TMPDIR"], tmpdir
+      begin
+        assert_equal(tmpdir, Dir.tmpdir)
+        File.chmod(0777, tmpdir)
+        assert_not_equal(tmpdir, Dir.tmpdir)
+        File.chmod(01777, tmpdir)
+        assert_equal(tmpdir, Dir.tmpdir)
+      ensure
+        ENV["TMPDIR"] = olddir
+      end
+    end
+  end
+end