[Python-Dev] [Python-checkins] cpython: #4489: Add a shutil.rmtree that isn't suspectible to symlink attacks (original) (raw)
Nick Coghlan ncoghlan at gmail.com
Sat Jun 23 18:40:14 CEST 2012
- Previous message: [Python-Dev] Empty directory is a namespace?
- Next message: [Python-Dev] [Python-checkins] cpython: #4489: Add a shutil.rmtree that isn't suspectible to symlink attacks
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sun, Jun 24, 2012 at 2:18 AM, hynek.schlawack <python-checkins at python.org> wrote:
http://hg.python.org/cpython/rev/c910af2e3c98 changeset: 77635:c910af2e3c98 user: Hynek Schlawack <hs at ox.cx> date: Sat Jun 23 17:58:42 2012 +0200 summary: #4489: Add a shutil.rmtree that isn't suspectible to symlink attacks
It is used automatically on platforms supporting the necessary os.openat() and os.unlinkat() functions. Main code by Martin von Löwis.
Unfortunately, this isn't actually having any effect at the moment since the os module APIs changed for the beta release.
The "hasattr(os, 'unlinkat')" and "hasattr(os, 'openat')" checks need to become "os.unlink in os.supports_dir_fd" and "os.open in os.supports_dir_fd", and the affected calls need to be updated to pass "dir_fd" as an argument to the normal versions of the functions.
At least we know the graceful fallback to the old behaviour is indeed graceful, though :)
Cheers, Nick.
-- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
- Previous message: [Python-Dev] Empty directory is a namespace?
- Next message: [Python-Dev] [Python-checkins] cpython: #4489: Add a shutil.rmtree that isn't suspectible to symlink attacks
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]