Does This Scare You?
Tim Chase
python.list at tim.thechases.com
Mon Aug 22 09:04:14 EDT 2016
On 2016-08-22 22:39, Chris Angelico wrote:
> Nope. On Windows, you would try/except it. There are myriad other
> ways something could fail, and the only correct action is to
> attempt it. Most of the reserved names will simply give an error;
The problem is that when opening such a pseudo-file, you can get
unexpected behavior. In the Unix world, we're used to
files-that-aren-t-files (such as things in /dev ). But a lot of
Windows developers don't handle these cases, and so opening something
like COM1 can end up hanging a program indefinitely instead of
actually returning either an error or a file-handle. If you have a
web-server running on Windows and can manage to coerce a file to have
such a name, you might be able to hang the web-server process while
it tries to read from (or write to) the serial port. And poof,
near-instant DoS.
-tkc
More information about the Python-list
mailing list