Package: libruby1.8
Version: 1.8.7.174-1
Severity: normal
Tags: security

Hi!

After the following upgrade:

  [UPGRADE] libruby1.8 1.8.7.72-3.1 -> 1.8.7.174-1

temporary files created with /usr/lib/ruby/1.8/tempfile.rb are no
longer removed.

Steps to reproduce the bug:

  $ irb1.8
  irb(main):001:0> require 'tempfile'
  => true
  irb(main):002:0> tf = Tempfile.new('foo_')
  => #<File:/tmp/foo_20090622-31369-hsfufm-0>
  irb(main):003:0> tf.puts 'hello'
  => nil
  irb(main):004:0> tf.flush
  => #<File:/tmp/foo_20090622-31369-hsfufm-0>
  irb(main):005:0> tf.path
  => "/tmp/foo_20090622-31369-hsfufm-0"
  irb(main):006:0> exit
  $ ls /tmp/foo*
  /tmp/foo_20090622-31369-hsfufm-0
  $ cat /tmp/foo*
  hello

If I remember libruby1.8/1.8.7.72-3.1 behavior correctly, the temporary
file should have been removed on exit. It's still there, though.

I think this is a problematic regression and may have a security impact.

Please note that the temporary file is indeed removed if the method
close!() is explicitly called, as in:

  irb(main):006:0> tf.close!

Nonetheless, the temporary file should be removed even without an
explicit close!() invocation, when the tf object is finalized (which
happens on exit, right?), but unfortunately this no longer seems to
work, since I upgraded to libruby1.8/1.8.7.174-1.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (800, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libruby1.8 depends on:
ii  libc6        2.9-12             GNU C Library: Shared libraries
ii  libncurses5  5.7+20090523-1     shared libraries for terminal hand
ii  zlib1g       1:1.2.3.3.dfsg-13  compression library - runtime

libruby1.8 recommends no packages.

libruby1.8 suggests no packages.

-- no debconf information
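
Added example, not part of the original report and not code from the Ruby package: a regression check that repeats the reproduction steps above in a child interpreter and reports whether the unclosed Tempfile is gone after exit, plus a wrapper that calls close! in an ensure block so cleanup does not depend on the finalizer. The names tempfile_removed_at_exit? and with_tempfile are hypothetical, and the script assumes a current Ruby (it uses heredoc syntax that 1.8 lacks).

```ruby
require 'tempfile'
require 'rbconfig'

# Child script: the report's reproduction steps, without close!.
# It prints the temp file's path and then exits normally.
CHILD = <<~'RUBY'
  tf = Tempfile.new('foo_')
  tf.puts 'hello'
  tf.flush
  print tf.path
RUBY

# Returns true if a Tempfile that was never closed is gone once the
# interpreter that created it has exited (the behaviour the report expects).
def tempfile_removed_at_exit?(ruby = RbConfig.ruby)
  path = IO.popen([ruby, '-rtempfile', '-e', CHILD], &:read)
  raise 'child interpreter printed no path' if path.nil? || path.empty?
  leaked = File.exist?(path)
  File.unlink(path) if leaked # do not leave the leaked file behind
  !leaked
end

# Hypothetical helper: deletes the file in an ensure block, so removal
# happens even if the block raises and never relies on finalization.
# Returns the value of the block.
def with_tempfile(prefix)
  tf = Tempfile.new(prefix)
  yield tf
ensure
  tf.close! if tf
end

if __FILE__ == $PROGRAM_NAME
  puts "removed at exit: #{tempfile_removed_at_exit?}"
  seen = with_tempfile('foo_') { |tf| tf.puts 'hello'; tf.flush; tf.path }
  puts "removed by close!: #{!File.exist?(seen)}"
end
```

Pass the path of another interpreter binary as the argument to tempfile_removed_at_exit? to check that build instead of the one running the script.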