[New-bugs-announce] [issue45401] logging TimedRotatingFileHandler must not rename devices like /dev/null
STINNER Victor
report at bugs.python.org
Thu Oct 7 05:47:34 EDT 2021
New submission from STINNER Victor <vstinner at python.org>:
One way to disable logging in a configuration file is to use /dev/null as the filename for logs. It is fine to use that with FileHandler.
The problem is when TimedRotatingFileHandler is used. When Python decides to rotate the "file", it calls os.rename() on /dev/null *device* and create a new /dev/null *file* which will be quickly filled by all applications on the system writing into /dev/null.
The problem is only possible if the process is allowed to rename the device /dev/null. For example, a regular user gets a permission error.
I see different options:
* TimedRotatingFileHandler should disable rotation if it detects that the file is a device (not a regular file)
* logging should switch to NullHandler if filename is equal to os.path.devnull.
I guess that the problem is the same if the filename points to a socket or a named pipe.
RotatingFileHandler may also be affected, I didn't check.
... I'm quite sure that I had the same issue with Twisted years ago, but I don't recall the details :-) Twisted didn't use the logging module if I recall correctly.
RHEL downstream issue: https://bugzilla.redhat.com/show_bug.cgi?id=2009200
----------
components: Library (Lib)
messages: 403371
nosy: vinay.sajip, vstinner
priority: normal
severity: normal
status: open
title: logging TimedRotatingFileHandler must not rename devices like /dev/null
versions: Python 3.11
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue45401>
_______________________________________
More information about the New-bugs-announce
mailing list