Message141122
I'm not sure I see what the problem is:
- if the idea behind this is the risk of symlink attack (like issue #4489), it's not the case here, because the directory is created with 0600 permission
- furthermore, the attached patch has a TOCTTOU race, between the the call to os.path.islink() and the call to rmtree()
So I'd like to know the problem we're trying to solve here. |
|
Date |
User |
Action |
Args |
2011-07-25 20:30:11 | neologix | set | recipients:
+ neologix, georg.brandl, ncoghlan, abacabadabacaba, petri.lehtinen |
2011-07-25 20:30:11 | neologix | set | messageid: <1311625811.35.0.0551055814689.issue12464@psf.upfronthosting.co.za> |
2011-07-25 20:30:10 | neologix | link | issue12464 messages |
2011-07-25 20:30:10 | neologix | create | |
|