Message 164248 - Python tracker
I'm pretty busy right now, please open a ticket for listdir.
_rmtree_safe_fd could remove the directory just after the recursive step using the parent's dirfd. Of course you'd also have to add a rmdir for the very-tippy-top after the original call in shutil.rmtree too. But this would prevent the malicious user from even removing empty directories.
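The ordering described in the message above, as an added sketch that is not part of the original message and is not CPython's `shutil` code: each child directory is removed right after the recursive step with `rmdir` relative to the parent's descriptor, and the top directory gets one extra `rmdir` after the walk. The names `remove_tree_fd` and `remove_tree` are hypothetical, and the code assumes a POSIX platform where `os.listdir` accepts a file descriptor and `dir_fd` is supported.

```python
import os
import stat


def remove_tree_fd(topfd):
    """Empty the directory open at topfd, addressing every entry via dir_fd."""
    for name in os.listdir(topfd):
        # Classify the entry without following a symlink.
        st = os.stat(name, dir_fd=topfd, follow_symlinks=False)
        if not stat.S_ISDIR(st.st_mode):
            # Files and symlinks are unlinked in place, never traversed.
            os.unlink(name, dir_fd=topfd)
            continue
        # O_NOFOLLOW makes the open fail if the entry was swapped for a symlink.
        flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
        fd = os.open(name, flags, dir_fd=topfd)
        try:
            # Confirm the opened object is the directory that was just stat'ed.
            if not os.path.samestat(st, os.fstat(fd)):
                raise OSError("entry changed between stat and open: %r" % name)
            remove_tree_fd(fd)
        finally:
            os.close(fd)
        # The step from the message: remove the now-empty child just after
        # the recursive call, by name relative to the parent's descriptor.
        os.rmdir(name, dir_fd=topfd)


def remove_tree(path):
    """Hypothetical top-level wrapper standing in for the original call."""
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        remove_tree_fd(fd)
    finally:
        os.close(fd)
    # The extra rmdir for the very top, issued after the fd-based walk.
    os.rmdir(path)
```
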