U:RDoc::AnyMethod[iI"remove_entry_secure:ETI"#FileUtils::remove_entry_secure;TT:publico:RDoc::Markup::Document:@parts[o:RDoc::Markup::Paragraph;	[
I"HThis method removes a file system entry +path+.  +path+ shall be a ;TI"Iregular file, a directory, or something.  If +path+ is a directory, ;TI"Fremove it recursively.  This method is required to avoid TOCTTOU ;TI"J(time-of-check-to-time-of-use) local security vulnerability of rm_r. ;TI"%#rm_r causes security hole when:;To:RDoc::Markup::BlankLineo:RDoc::Markup::List:
@type:BULLET:@items[o:RDoc::Markup::ListItem:@label0;	[o;
;	[I"9Parent directory is world writable (including /tmp).;To;;0;	[o;
;	[I"?Removing directory tree includes world writable directory.;To;;0;	[o;
;	[I""The system has symbolic link.;T@o;
;	[	I"JTo avoid this security hole, this method applies special preprocess. ;TI"EIf +path+ is a directory, this method chown(2) and chmod(2) all ;TI"Eremoving directories.  This requires the current process is the ;TI"Mowner of the removing whole directory tree, or is the super user (root).;T@o;
;	[	I"FWARNING: You must ensure that *ALL* parent directories cannot be ;TI"Fmoved by other untrusted users.  For example, parent directories ;TI"Eshould not be owned by untrusted users, and should not be world ;TI"-writable except when the sticky bit set.;T@o;
;	[I"KWARNING: Only the owner of the removing directory tree, or Unix super ;TI"Luser (root) should invoke this method.  Otherwise this method does not ;TI"
work.;T@o;
;	[I"AFor details of this security vulnerability, see Perl's case:;T@o;;
;;[o;;0;	[o;
;	[I"Ahttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0448;To;;0;	[o;
;	[I"Ahttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452;T@o;
;	[I"JFor fileutils.rb, this vulnerability is reported in [ruby-dev:26100].;T:
@fileI"lib/fileutils.rb;T:0@omit_headings_from_table_of_contents_below000[I"(path, force = false);T@GFI"FileUtils;TcRDoc::NormalModule00