Does This Scare You?
Steve D'Aprano
steve+python at pearwood.info
Mon Aug 22 13:35:27 EDT 2016
On Tue, 23 Aug 2016 03:13 am, eryk sun wrote:
> But if they open files
> like "C:\Users\JoeUser\Documents\Nul.20160822.doc", I want to make
> sure they know that they just asked to save to "\\.\NUL". It's not a
> common problem. I just find the system's behavior abhorrent. I'd like
> to have a manifest setting that opts the process out of this stupid
> DOS legacy behavior.
Aren't we getting further and further away from the original topic?
I don't think this is about Window's support for legacy behaviour from
ancient DOS days. Yes, it would be nice if Windows dropped support for
these horrid magic file names, but that's nothing to do with Python.
I'm not really sure what the question is -- we've established that there's a
bug in the non-Windows implementation that tries to emulate Window's
behaviour. What else is there to argue about?
- Does anyone wish to argue that Python shouldn't provide
PureWindowsPath.is_reserved on non-Windows systems? For what reason?
- Is anyone still arguing that there's a new security vulnerability
here because of the pathlib functions? If so, how do you see this
attack working? (Existing filename-based attacks are not new.)
I don't see what the issue is. Eryksun found a bug in pathlib, well done. (I
mean that, I'm not being sarcastic.) I still don't understand why Lawrence
posed his question in the first place.
--
Steve
“Cheer up,” they said, “things could be worse.” So I cheered up, and sure
enough, things got worse.
More information about the Python-list
mailing list