Message 141122 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	neologix
Recipients	abacabadabacaba, georg.brandl, ncoghlan, neologix, petri.lehtinen
Date	2011-07-25.20:30:10
SpamBayes Score	0.0024420402
Marked as misclassified	No
Message-id	<1311625811.35.0.0551055814689.issue12464@psf.upfronthosting.co.za>
In-reply-to

Content
I'm not sure I see what the problem is: - if the idea behind this is the risk of symlink attack (like issue #4489), it's not the case here, because the directory is created with 0600 permission - furthermore, the attached patch has a TOCTTOU race, between the the call to os.path.islink() and the call to rmtree() So I'd like to know the problem we're trying to solve here.

I'm not sure I see what the problem is:
- if the idea behind this is the risk of symlink attack (like issue #4489), it's not the case here, because the directory is created with 0600 permission
- furthermore, the attached patch has a TOCTTOU race, between the the call to os.path.islink() and the call to rmtree()

So I'd like to know the problem we're trying to solve here.

History
Date	User	Action	Args
2011-07-25 20:30:11	neologix	set	recipients: + neologix, georg.brandl, ncoghlan, abacabadabacaba, petri.lehtinen
2011-07-25 20:30:11	neologix	set	messageid: <1311625811.35.0.0551055814689.issue12464@psf.upfronthosting.co.za>
2011-07-25 20:30:10	neologix	link	issue12464 messages
2011-07-25 20:30:10	neologix	create