Issue 32347: System Integrity Protection breaks shutil.copystat()

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/76528

classification

Title:	System Integrity Protection breaks shutil.copystat()
Type:	behavior	Stage:	patch review
Components:	macOS	Versions:	Python 3.6

process

Status:	open	Resolution:
Dependencies:		Superseder:
Assigned To:		Nosy List:	Ryan Govostes, giampaolo.rodola, ned.deily, ronaldoussoren
Priority:	normal	Keywords:	patch

Created on 2017-12-16 16:45 by Ryan Govostes, last changed 2022-04-11 14:58 by admin.

Pull Requests
URL	Status	Linked	Edit
PR 4912	open	Ryan Govostes, 2017-12-18 02:10

Messages (1)
msg308479 - (view)	Author: Ryan Govostes (Ryan Govostes) *	Date: 2017-12-16 16:45
On macOS, shutil.copystat() uses chflags() to try to copy filesystem flags from the source to destination. In recent years, Apple introduced System Integrity Protection, which prevents modification of system files. These files have the non-standard SF_RESTRICTED flag set, which only the superuser can set. Thus, unprivileged users can no longer use shutil.copy2() et al. to copy system files, which is a regression from previous releases of the OS. It's unclear what the correct behavior should be: It some cases, it would be desirable to attempt to copy the bit. It might be informative to look at the behavior of Apple's `copyfile_stat` function, which unsets these two flags: /* * File flags that are not preserved when copying stat information. */ #define COPYFILE_OMIT_FLAGS (UF_TRACKED \| SF_RESTRICTED) https://opensource.apple.com/source/copyfile/copyfile-146/copyfile.c.auto.html This was also filed to Apple as rdar://36090921

msg308479 - (view)

Author: Ryan Govostes (Ryan Govostes) *

Date: 2017-12-16 16:45

On macOS, shutil.copystat() uses chflags() to try to copy filesystem flags from the source to destination.

In recent years, Apple introduced System Integrity Protection, which prevents modification of system files. These files have the non-standard SF_RESTRICTED flag set, which only the superuser can set.

Thus, unprivileged users can no longer use shutil.copy2() et al. to copy system files, which is a regression from previous releases of the OS.

It's unclear what the correct behavior should be: It some cases, it would be desirable to attempt to copy the bit.

It might be informative to look at the behavior of Apple's `copyfile_stat` function, which unsets these two flags:

   /*
    * File flags that are not preserved when copying stat information.
    */
   #define COPYFILE_OMIT_FLAGS 	(UF_TRACKED | SF_RESTRICTED)

https://opensource.apple.com/source/copyfile/copyfile-146/copyfile.c.auto.html

This was also filed to Apple as rdar://36090921

History
Date	User	Action	Args
2022-04-11 14:58:55	admin	set	github: 76528
2018-06-12 09:40:25	giampaolo.rodola	set	nosy: + giampaolo.rodola
2017-12-18 02:10:02	Ryan Govostes	set	keywords: + patch stage: patch review pull_requests: + pull_request4806
2017-12-16 16:45:01	Ryan Govostes	create