Bug#1098226: perl: thread creation while a directory handle is open does a fchdir, affecting other threads
Niko Tyni
ntyni at debian.org
Sat May 17 09:26:54 BST 2025
Control: severity -1 normal
On Tue, Feb 18, 2025 at 05:01:55PM +0100, Vincent Lefevre wrote:
> Control: forwarded -1 https://github.com/Perl/perl5/issues/23010
>
> This is a bug visible in the perl code, so I've just reported the bug
> upstream.
Thanks.
> (Not sure about the severity, but this can yield incorrect file
> operations in the involved directory, which may be very problematic
> if this directory is untrusted.)
There's a preliminary patch upstream at
https://github.com/Perl/perl5/pull/23019
but it looks like it's not going to be in 5.42. I'm certainly not going
to backport it before it's ready.
It doesn't look like upstream is treating this as a serious security
issue, so I'm lowering the severity. Please discuss the security concerns
upstream if you want this to change.
--
Niko Tyni ntyni at debian.org
More information about the Perl-maintainers
mailing list