Author ncoghlan
Recipients hynek, ncoghlan, neologix, pitrou, rosslagerwall, tarek
Date 2012-01-08.10:13:33
SpamBayes Score 2.3664e-05
Marked as misclassified No
Message-id <1326017614.67.0.222812768652.issue13734@psf.upfronthosting.co.za>
In-reply-to
Content
Since walkdir is currently entirely based on returning filesystem paths as strings (just like os.walk()) and hence shares the pervasive symlink attack vulnerability, I'm particularly interested in the question of whether or not the various *at APIs can be used to avoid symlink attacks if we just have a os.walkfd() API that emits a (dirfd, subdirs, files) triple instead of the os.walk style (dirpath, subdirs, files).

The reason I'd find that interesting is that many of walkdir's filtering steps (notably those for including and excluding directories) don't care about the value of dirpath, so they could still be used with such an API.

Thoughts?
History
Date User Action Args
2012-01-08 10:13:34ncoghlansetrecipients: + ncoghlan, pitrou, tarek, neologix, rosslagerwall, hynek
2012-01-08 10:13:34ncoghlansetmessageid: <1326017614.67.0.222812768652.issue13734@psf.upfronthosting.co.za>
2012-01-08 10:13:34ncoghlanlinkissue13734 messages
2012-01-08 10:13:33ncoghlancreate