Does This Scare You?
Jon Ribbens
jon+usenet at unequivocal.eu
Mon Aug 22 14:12:36 EDT 2016
On 2016-08-22, Steve D'Aprano <steve+python at pearwood.info> wrote:
> I'm not really sure what the question is -- we've established that there's a
> bug in the non-Windows implementation that tries to emulate Window's
> behaviour. What else is there to argue about?
It doesn't seem to be "the non-Windows implementation", it seems to be
"the implementation".
> - Does anyone wish to argue that Python shouldn't provide
> PureWindowsPath.is_reserved on non-Windows systems? For what reason?
It shouldn't provide it at all unless it works. The reason I'm putting
it that way is that making it work may be a very great deal of effort
(What is the actual full list of special filenames? Does it vary
between supported Windows versions? How can anyone tell test that
the function is correct?)
> - Is anyone still arguing that there's a new security vulnerability
> here because of the pathlib functions? If so, how do you see this
> attack working? (Existing filename-based attacks are not new.)
Already answered.
> I don't see what the issue is. Eryksun found a bug in pathlib, well done. (I
> mean that, I'm not being sarcastic.) I still don't understand why Lawrence
> posed his question in the first place.
Presumably because of the security implications as described.
More information about the Python-list
mailing list