Message 164248 - Python tracker (original) (raw)

I'm pretty busy right now, please open a ticket for listdir.

_rmtree_safe_fd could remove the directory just after the recursive step using the parent's dirfd. Of course you'd also have to add a rmdir for the very-tippy-top after the original call in shutil.rmtree too. But this would prevent the malicious user from even removing empty directories.