[New-bugs-announce] [issue46959] ctypes.util.find_library can delete /dev/null
Barry Davis
report at bugs.python.org
Tue Mar 8 09:58:43 EST 2022
New submission from Barry Davis <barry.c.davis at gmail.com>:
This bug exists again: https://bugs.python.org/issue1521375
In ctypes/util we defend against gcc removing /dev/null by using a temp file, but similar code for ld still uses /dev/null, resulting in it removing /dev/null if it has permission, i.e. if running as root.
Reproduction steps in the original bug still work I think.
I found this when running pyinstaller.
I slimmed the test case down to:
import ctypes.util
libname = ctypes.util.find_library("ApplicationServices")
Here's my patch (indentation is wrong to just show the actual change needed):
--- Python-3.10.2/Lib/ctypes/util.py 2022-03-08 14:34:52.188808751 +0000
+++ Python-3.10.2/Lib/ctypes/util.py 2022-03-08 14:40:23.604615242 +0000
@@ -305,9 +305,11 @@
if libpath:
for d in libpath.split(':'):
cmd.extend(['-L', d])
- cmd.extend(['-o', os.devnull, '-l%s' % name])
- result = None
+ temp = tempfile.NamedTemporaryFile()
try:
+ cmd.extend(['-o', temp.name, '-l%s' % name])
+ result = None
+ try:
p = subprocess.Popen(cmd, stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
universal_newlines=True)
@@ -320,8 +322,15 @@
if not _is_elf(file):
continue
return os.fsdecode(file)
- except Exception:
+ except Exception:
pass # result will be None
+ finally:
+ try:
+ temp.close()
+ except FileNotFoundError:
+ # Raised if the file was already removed, which is the normal
+ # behaviour if linking fails
+ pass
return result
def find_library(name):
----------
components: Library (Lib)
messages: 414756
nosy: barry.c.davis
priority: normal
severity: normal
status: open
title: ctypes.util.find_library can delete /dev/null
type: behavior
versions: Python 3.10
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46959>
_______________________________________
More information about the New-bugs-announce
mailing list