Message 164251 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	hynek
Recipients	Arfrever, eric.araujo, ezio.melotti, georg.brandl, hynek, jcea, larry, loewis, mrts, ncoghlan, neologix, petri.lehtinen, pitrou, python-dev, rosslagerwall, schmir, tarek, teamnoir
Date	2012-06-28.12:33:03
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<4FEC4EFC.2010400@ox.cx>
In-reply-to	<1340884903.64.0.698523145315.issue4489@psf.upfronthosting.co.za>

Content
> I'm pretty busy right now, please open a ticket for listdir. done > _rmtree_safe_fd could remove the directory just after the recursive step using the parent's dirfd. Of course you'd also have to add a rmdir for the very-tippy-top after the original call in shutil.rmtree too. But this would prevent the malicious user from even removing empty directories. Okay I looked into it and it seems okay. IIRC, when Martin wrote the code (and I the fwalk version before), there was no known fd-based rmdir function.

> I'm pretty busy right now, please open a ticket for listdir.

done

> _rmtree_safe_fd could remove the directory just after the recursive step using the parent's dirfd.  Of course you'd also have to add a rmdir for the very-tippy-top after the original call in shutil.rmtree too.  But this would prevent the malicious user from even removing empty directories.

Okay I looked into it and it seems okay. IIRC, when Martin wrote the
code (and I the fwalk version before), there was no known fd-based rmdir
function.

History
Date	User	Action	Args
2012-06-28 12:33:04	hynek	set	recipients: + hynek, loewis, georg.brandl, jcea, ncoghlan, pitrou, larry, schmir, tarek, ezio.melotti, eric.araujo, Arfrever, mrts, neologix, teamnoir, rosslagerwall, python-dev, petri.lehtinen
2012-06-28 12:33:03	hynek	link	issue4489 messages
2012-06-28 12:33:03	hynek	create