Created on 2002-08-02 18:21 by zackw, last changed 2002-08-08 20:19 by gvanrossum. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| D | zackw, 2002-08-02 18:21 | |||
| Messages (3) | |||
|---|---|---|---|
| msg40775 - (view) | Author: Zack Weinberg (zackw) | Date: 2002-08-02 18:21 | |
1) Do not attempt to exec a file which does not exist just to find out what error the operating system returns. This is an exploitable race on all platforms that support symbolic links. 2) Immediately re-raise the exception if we get an error other than errno.ENOENT or errno.ENOTDIR. This may need to be adapted for other platforms. (As a security issue, this should be considered for 2.1 and 2.2 as well as 2.3.) |
|||
| msg40776 - (view) | Author: Guido van Rossum (gvanrossum) *  |
Date: 2002-08-05 16:14 | |
Logged In: YES user_id=6380 OK, checked in for 2.3. Keeping this open until I find the time to backport it to 2.2 and 2.1 (or someone else does that). |
|||
| msg40777 - (view) | Author: Guido van Rossum (gvanrossum) * |
Date: 2002-08-08 20:19 | |
Logged In: YES user_id=6380 All backported. (Note that as a side effect of this patch, changes to Modules/Setup[.dist] had to be made and backported to compile the errno module statically, because the patch introduces a dependency on it to distutils and hence to the setup.py script.) |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2002-08-02 18:21:37 | zackw | create | |