kwilczynski / ruby-magic

Simple interface to libmagic for Ruby Programming Language
Apache License 2.0

Drop secure flag for FileUtils.rm_rf in extconf.rb #35

Closed stanhu closed 2 years ago

stanhu commented 2 years ago

This was preventing files from being cleaned up in a Docker image when building native gems. Let's just drop this for simplicity.

kwilczynski commented 2 years ago

Hi @stanhu,

Ah, this was to fix the issue you saw when running as part of the CI? Nice catch. I guess trying to mitigate a potential TOCTTOU vulnerability is not really an issue for us during a build especially.

Nice catch and thank you for fixing!

Updated:

For reference: https://github.com/kwilczynski/ruby-magic/pull/33#issuecomment-1072135808

stanhu commented 2 years ago

@kwilczynski Yes, exactly. I think #33 is ready to merge.
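
An added example, not code from ruby-magic or from either participant: it shows one `FileUtils` behaviour that matches the symptom described in this thread, where `rm_rf(..., secure: true)` silently leaves a directory whose parent is world-writable without the sticky bit. The thread does not say this was the cause in the Docker build; the directory layout, modes and helper names are constructed for the demonstration.

```ruby
require "fileutils"
require "tmpdir"

# Constructed layout: <tmp>/parent/build/artifact.o, with `parent` set to
# `parent_mode`. Yields the `build` path and reports whether it still exists.
def build_dir_survives?(parent_mode)
  Dir.mktmpdir("rm_rf_demo") do |root|
    parent = File.join(root, "parent")
    build  = File.join(parent, "build")
    FileUtils.mkdir_p(build)
    File.write(File.join(build, "artifact.o"), "constructed sample")
    File.chmod(parent_mode, parent)
    yield build
    File.exist?(build)
  end
end

# rm_rf implies force: true, so the refusal raised by remove_entry_secure is
# swallowed and the call returns as if it had succeeded.
def secure_rm_rf_leaves_dir?(parent_mode)
  build_dir_survives?(parent_mode) { |dir| FileUtils.rm_rf(dir, secure: true) }
end

# The same call without the secure flag, for comparison.
def plain_rm_rf_leaves_dir?(parent_mode)
  build_dir_survives?(parent_mode) { |dir| FileUtils.rm_rf(dir) }
end

# Without force (rm_r), the same refusal surfaces as an exception.
def secure_rm_r_error(parent_mode)
  build_dir_survives?(parent_mode) { |dir| FileUtils.rm_r(dir, secure: true) }
  nil
rescue ArgumentError => e
  e.class
end

if __FILE__ == $PROGRAM_NAME
  { "0777 (no sticky bit)" => 0o777, "1777 (sticky bit)" => 0o1777,
    "0755" => 0o755 }.each do |label, mode|
    puts format("parent %-20s secure leaves dir: %-5s plain leaves dir: %s",
                label, secure_rm_rf_leaves_dir?(mode), plain_rm_rf_leaves_dir?(mode))
  end
  puts "rm_r secure: true under a 0777 parent raises: #{secure_rm_r_error(0o777)}"
end
```

Because `rm_rf` returns normally when the secure removal is refused, a cleanup step that matters should confirm the result with `File.exist?` rather than rely on the absence of an exception.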