Author pitrou
Recipients loewis, pitrou
Date 2008-12-28.14:58:36
SpamBayes Score 0.000460843
Marked as misclassified No
Message-id <1230476318.95.0.898909480668.issue4761@psf.upfronthosting.co.za>
In-reply-to
Content
Very recent POSIX versions have introduced a set of functions named
openat(), unlinkat(), etc. (*) which allow to access files relatively to
a directory pointed to by a file descriptor (rather than the
process-wide current working directory). They are necessary to implement
thread-safe directory traversal without any symlink attacks such as in
#4489. Providing Python wrappers for these functions would help creating
higher-level abstractions for secure directory traversal on platforms
that support it.

(*) http://www.opengroup.org/onlinepubs/9699919799/functions/openat.html

“The purpose of the openat() function is to enable opening files in
directories other than the current working directory without exposure to
race conditions. Any part of the path of a file could be changed in
parallel to a call to open(), resulting in unspecified behavior. By
opening a file descriptor for the target directory and using the
openat() function it can be guaranteed that the opened file is located
relative to the desired directory.”
History
Date User Action Args
2008-12-28 14:58:39pitrousetrecipients: + pitrou, loewis
2008-12-28 14:58:38pitrousetmessageid: <1230476318.95.0.898909480668.issue4761@psf.upfronthosting.co.za>
2008-12-28 14:58:38pitroulinkissue4761 messages
2008-12-28 14:58:37pitroucreate