On 29 January 2014 09:57, Raphael Geissert <[email protected]> wrote: [...] > One thing to notice, however, is that there's a race condition between > the stat check introduced in 34b1087870c2. > The following sequence still triggers the bogus behaviour: > > <user> mkdir $dir > <phusion> lstat() (getFileTypeNoFollowSymlinks) > <user> rmdir $dir > <user> ln -s /target $dir > <phusion> stat() (from verifyDirectoryPermissions) > ...
Upstream has now fixed this with the following commit (basically using the structure from lstat() for the two checks): https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0 Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net _______________________________________________ Pkg-ruby-extras-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
