Message141129
Without even mentioning the possibility of attacks, I think it's wrong for the cleanup routine to follow symbolic links. It should instead simply remove the links, and not mess with anything outside of the temporary directory.
Note that shutil.rmtree() does the right thing by calling lstat(). TemporaryDirectory interestingly uses a "stripped down version of rmtree" which doesn't retain that subtlety.

| Date | User | Action | Args |
| --- | --- | --- | --- |
| 2011-07-25 23:17:40 | pitrou | set | recipients: + pitrou, georg.brandl, ncoghlan, neologix, abacabadabacaba, petri.lehtinen |
| 2011-07-25 23:17:40 | pitrou | set | messageid: <1311635860.86.0.653325461046.issue12464@psf.upfronthosting.co.za> |
| 2011-07-25 23:17:40 | pitrou | link | issue12464 messages |
| 2011-07-25 23:17:40 | pitrou | create | |
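
The difference described in the message above, as an added example that is not part of the original message and is not CPython's code: `naive_cleanup` is a constructed stand-in for a cleanup that follows symbolic links, and `lstat_cleanup` decides with `lstat()` so that links are removed rather than traversed. All function names and paths are hypothetical, and a POSIX system where symlinks can be created is assumed.

```python
import os
import stat
import tempfile


def naive_cleanup(path):
    """Constructed stand-in: os.path.isdir() uses stat(), so it follows symlinks."""
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if os.path.isdir(full):      # also True for a symlink to a directory
            naive_cleanup(full)      # descends into the link's target
        else:
            os.remove(full)
    if os.path.islink(path):
        os.remove(path)              # the link itself goes last, after its target was emptied
    else:
        os.rmdir(path)


def lstat_cleanup(path):
    """Decide with lstat(): a symlink is unlinked, never traversed."""
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if stat.S_ISDIR(os.lstat(full).st_mode):
            lstat_cleanup(full)      # a real directory inside the tree
        else:
            os.remove(full)          # regular files and symlinks alike
    os.rmdir(path)


def outside_file_survives(cleanup):
    """Build a constructed layout and report whether a file outside tmp survives."""
    with tempfile.TemporaryDirectory() as sandbox:
        outside = os.path.join(sandbox, "outside")   # not part of the temp dir
        tmp = os.path.join(sandbox, "tmp")           # the directory being cleaned
        os.mkdir(outside)
        os.mkdir(tmp)
        keep = os.path.join(outside, "keep.txt")
        with open(keep, "w") as fh:
            fh.write("data")
        os.symlink(outside, os.path.join(tmp, "link"))
        cleanup(tmp)
        return os.path.exists(keep)


if __name__ == "__main__":
    print("naive cleanup, outside file survives:", outside_file_survives(naive_cleanup))
    print("lstat cleanup, outside file survives:", outside_file_survives(lstat_cleanup))
```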