classification
Title: System Integrity Protection breaks shutil.copystat()
Type: behavior Stage: patch review
Components: macOS Versions: Python 3.6
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: Ryan Govostes, giampaolo.rodola, ned.deily, ronaldoussoren
Priority: normal Keywords: patch

Created on 2017-12-16 16:45 by Ryan Govostes, last changed 2018-06-12 09:40 by giampaolo.rodola.

Pull Requests
URL Status Linked Edit
PR 4912 open Ryan Govostes, 2017-12-18 02:10
Messages (1)
msg308479 - (view) Author: Ryan Govostes (Ryan Govostes) * Date: 2017-12-16 16:45
On macOS, shutil.copystat() uses chflags() to try to copy filesystem flags from the source to destination.

In recent years, Apple introduced System Integrity Protection, which prevents modification of system files. These files have the non-standard SF_RESTRICTED flag set, which only the superuser can set.

Thus, unprivileged users can no longer use shutil.copy2() et al. to copy system files, which is a regression from previous releases of the OS.

It's unclear what the correct behavior should be: It some cases, it would be desirable to attempt to copy the bit.

It might be informative to look at the behavior of Apple's `copyfile_stat` function, which unsets these two flags:

   /*
    * File flags that are not preserved when copying stat information.
    */
   #define COPYFILE_OMIT_FLAGS 	(UF_TRACKED | SF_RESTRICTED)

https://opensource.apple.com/source/copyfile/copyfile-146/copyfile.c.auto.html

This was also filed to Apple as rdar://36090921
History
Date User Action Args
2018-06-12 09:40:25giampaolo.rodolasetnosy: + giampaolo.rodola
2017-12-18 02:10:02Ryan Govostessetkeywords: + patch
stage: patch review
pull_requests: + pull_request4806
2017-12-16 16:45:01Ryan Govostescreate