[issue4489] shutil.rmtree is vulnerable to a symlink attack
Mart Sõmermaa
report at bugs.python.org
Mon Dec 29 09:46:05 CET 2008
Mart Sõmermaa <mrts at mrts.pri.ee> added the comment:
A blunt, ineffective solution would be to walk the tree before removing
it and recording path : inode pairs in a dict on first pass and then
checking that the inodes have not changed during removal on second pass.
If no clever bulletproof fix emerges, perhaps this should be added as
shutil.rmtree_safe (duh, API bloat...)?
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue4489>
_______________________________________
More information about the Python-bugs-list
mailing list