[issue21515] Use Linux O_TMPFILE flag in tempfile.TemporaryFile?
STINNER Victor
report at bugs.python.org
Tue Oct 20 03:54:21 EDT 2015
STINNER Victor added the comment:
> Suppose conditions:
> - Old linux kernel ignoring flag
> - malicious hacker force use of PLAIN FILE instead of directory
Is it a theorical bug, or are you able to reproduce it?
Old Linux kernel ignores the 0o20000000 bit but O_TMPFILE is 0o20000000 | os.O_DIRECTORY. So the kernel still ensures that the path is a directory. tempfile.TemporaryFile() tries to open the path with:
os.open(path, os.O_RDWR |os.O_EXCL | os.O_TMPFILE)
if the 0o20000000 bit is ignored by old kernel, it becomes:
os.open(path, os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
You cannot open a regular file with these flags:
>>> open('x', 'w').close()
>>> os.open('x', os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NotADirectoryError: [Errno 20] Not a directory: 'x'
You cannot open a directory with these flags:
>>> os.open('.', os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
IsADirectoryError: [Errno 21] Is a directory: '.'
Same behaviour for symbolic link to a regular file or to a directory.
Please open a new issue if you consider that you found a bug, but please write a short script reproducing the bug.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21515>
_______________________________________
More information about the Python-bugs-list
mailing list