[issue4489] shutil.rmtree is vulnerable to a symlink attack
Mart Sõmermaa
report at bugs.python.org
Sun Dec 28 17:38:35 CET 2008
Mart Sõmermaa <mrts at mrts.pri.ee> added the comment:
> Mmmh, the problem with Perl's approach is that it changes the current
> working directory (calls to chdir()), which is process-specific and not
> thread-specific. Currently, no function in shutil changes the current
> working directory, which is a nice behaviour and should IMO be preserved.
Using chdir() makes sense and it doesn't look like a too big problem to me:
def rmtree(...):
...
curdir = os.getcwd()
try:
call chdir() as required
finally:
try:
os.chdir(curdir)
except:
warnings.warn("Unable to chdir to previous current dir")
...
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue4489>
_______________________________________
More information about the Python-bugs-list
mailing list