[Python-Dev] [Python-checkins] cpython: #4489: Add a shutil.rmtree that isn't suspectible to symlink attacks
Nick Coghlan
ncoghlan at gmail.com
Sat Jun 23 18:40:14 CEST 2012
On Sun, Jun 24, 2012 at 2:18 AM, hynek.schlawack
<python-checkins at python.org> wrote:
> http://hg.python.org/cpython/rev/c910af2e3c98
> changeset: 77635:c910af2e3c98
> user: Hynek Schlawack <hs at ox.cx>
> date: Sat Jun 23 17:58:42 2012 +0200
> summary:
> #4489: Add a shutil.rmtree that isn't suspectible to symlink attacks
>
> It is used automatically on platforms supporting the necessary os.openat() and
> os.unlinkat() functions. Main code by Martin von Löwis.
Unfortunately, this isn't actually having any effect at the moment
since the os module APIs changed for the beta release.
The "hasattr(os, 'unlinkat')" and "hasattr(os, 'openat')" checks need
to become "os.unlink in os.supports_dir_fd" and "os.open in
os.supports_dir_fd", and the affected calls need to be updated to pass
"dir_fd" as an argument to the normal versions of the functions.
At least we know the graceful fallback to the old behaviour is indeed
graceful, though :)
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-Dev
mailing list