[issue13734] Add a generic directory walker method to avoid symlink attacks
Charles-François Natali
report at bugs.python.org
Sun Feb 5 16:19:31 CET 2012
Charles-François Natali <neologix at free.fr> added the comment:
Committed, thanks for the comments.
Note to myself (and others that might be interested in the O(1)) version):
we can't simply call openat(dirfd, "..", O_RDONLY) to re-open the current directory's file descriptor after having walked a into one of its subdirectories because if this subdirectory is actually a link, we'll open the parent directory of the target directory, instead of the current (toppath) directory. OTOH, if the user passes followlinks=True, then we don't have to bother with openat() and friends in which case we don't have to bother passing FDs between calls to fwalk().
----------
resolution: -> fixed
stage: -> committed/rejected
status: open -> closed
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13734>
_______________________________________
More information about the Python-bugs-list
mailing list