You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ant.apache.org by bu...@apache.org on 2002/10/07 06:13:36 UTC
DO NOT REPLY [Bug 13353] New: -
follows symbolic links to directories at risk of great data loss!
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13353>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13353
<delete> follows symbolic links to directories at risk of great data loss!
Summary: <delete> follows symbolic links to directories at risk
of great data loss!
Product: Ant
Version: 1.5.1
Platform: All
OS/Version: Linux
Status: NEW
Severity: Major
Priority: Other
Component: Core tasks
AssignedTo: ant-dev@jakarta.apache.org
ReportedBy: JimWright@quick.cz
I discovered the hard way that if I use <delete> to delete a temporary directory
created by the build then I must be very careful not to create symbolic links,
for test purposes say, to directories outside of my test data. I lost about 6
hours recovering and only because I had a fairly recent backup. It wasn't that I
was completely stupid ;-) but that I made a series of changes none of which
introduced obvious risk.
I consider this a bug because this sort of thing does not happen with other
tools available on platforms that support symbolic links. I believe it was
introduced sometime since August judging by ant-dev archive. I have a patch that
uses utils/FileUtils in taskdefs/Delete.java to check that a directory is not a
symbolic link before descending into it, but I am not sure of issues such as
backward compatibility. I suggest it might be optional but the default should
not descend such links.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>