You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the #130 review @michaeladda and @rylandg discussed some rough edges in using node-fs-extra to copy files. The ncp function there is suspect: apart from verifying existence to decide whether to delete before copying instead of opening with O_WRONLY|O_TRUNC (a classic TOCTTOU error), it also copies file permissions across (https://github.com/jprichardson/node-fs-extra/blob/a37d7bbe1c62e5fc2c20212678f4bbd41fc9e202/lib/copy/ncp.js#L99). This is plain wrong: the source file might not even share user and groups, so copying mode won't work. And umask should anyway apply to the mode, so it most likely won't even do the wrong thing it wants to do.
Do we need to use this? It exhibits unPosixan behaviour, and is very surprising to the end-user.
The text was updated successfully, but these errors were encountered:
In the #130 review @michaeladda and @rylandg discussed some rough edges in using node-fs-extra to copy files. The
ncp
function there is suspect: apart from verifying existence to decide whether to delete before copying instead of opening withO_WRONLY|O_TRUNC
(a classic TOCTTOU error), it also copies file permissions across (https://github.com/jprichardson/node-fs-extra/blob/a37d7bbe1c62e5fc2c20212678f4bbd41fc9e202/lib/copy/ncp.js#L99). This is plain wrong: the source file might not even share user and groups, so copying mode won't work. Andumask
should anyway apply to the mode, so it most likely won't even do the wrong thing it wants to do.Do we need to use this? It exhibits unPosixan behaviour, and is very surprising to the end-user.
The text was updated successfully, but these errors were encountered: