[issue37834] readlink on Windows cannot read app exec links
Eryk Sun
report at bugs.python.org
Fri Aug 16 18:22:23 EDT 2019
Eryk Sun <eryksun at gmail.com> added the comment:
> the '/mnt/c/Document and Settings' junction... though now I try
> it that those don't actually work...)
The security on compatibility junctions denies everyone read-data (list) access, but in Windows they can still be traversed (e.g. "C:/Documents and Settings/Public") because execute (traverse) access isn't denied, and even if it were denied, standard Windows users have SeChangeNotifyPrivilege to bypass traverse checking.
I created a test junction named "eggs" that targets a directory named "spam" that has "spam/foo" subdirectory. I set the junction's security to match that of "Documents and Settings". In WSL, trying to traverse it to stat the "foo" subdirectory failed with EACCES, just as with "Documents and Settings/Public". After removing the entry that denies read-data access, it worked fine. There's no problem traversing "spam" directly if I set the same security on it that denies everyone read-data access; it only prevents listing the directory.
It seems that in order to evaluate an NT junction, drvfs tries to open it with read-data access. I don't see why it would have to do that.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37834>
_______________________________________
More information about the Python-bugs-list
mailing list