Author pitrou
Recipients hynek, ncoghlan, neologix, pitrou, rosslagerwall, tarek
Date 2012-01-08.13:55:20
Message-id <1326030840.3374.5.camel@localhost.localdomain>
In-reply-to <1326017614.67.0.222812768652.issue13734@psf.upfronthosting.co.za>
Content
> Since walkdir is currently entirely based on returning filesystem
> paths as strings (just like os.walk()) and hence shares the pervasive
> symlink attack vulnerability, I'm particularly interested in the
> question of whether or not the various *at APIs can be used to avoid
> symlink attacks if we just have a os.walkfd() API that emits a (dirfd,
> subdirs, files) triple instead of the os.walk style (dirpath, subdirs,
> files).

Be aware that you have to manage dirfd's lifetime, which can make things
interesting.
Also be aware that symlinks mean sometimes you won't have a dirfd: if
you have a symlink that points to another directory, you can't open that
directory using openat from the symlink's directory. So if you follow
symlinks (or have an option to do so) you must also take that case into
account.
History
Date                 User    Action  Args
2012-01-08 13:55:21  pitrou  set     recipients: + pitrou, ncoghlan, tarek, neologix, rosslagerwall, hynek
2012-01-08 13:55:20  pitrou  link    issue13734 messages
2012-01-08 13:55:20  pitrou  create
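
Added example (not part of the original message and not CPython's own code): a sketch of a walker that yields the (dirfd, subdirs, files) triple discussed in the message, opening each subdirectory relative to its parent's descriptor with O_NOFOLLOW and closing each descriptor when the walk leaves that directory. The names walkfd, _walk and demo and the sample tree are assumptions made for illustration; symlinks are reported as non-directory entries and are never followed.

```python
import os
import stat
import tempfile

# Illustrative sketch; walkfd/_walk/demo are hypothetical names, not a stdlib API.
DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def _walk(fd):
    """Yield (dirfd, subdirs, files) for fd and below; this frame owns fd."""
    try:
        subdirs, files = [], []
        for name in sorted(os.listdir(fd)):
            # lstat relative to the open directory, never through a path string
            st = os.stat(name, dir_fd=fd, follow_symlinks=False)
            (subdirs if stat.S_ISDIR(st.st_mode) else files).append(name)
        yield fd, subdirs, files
        for name in subdirs:
            try:
                # O_NOFOLLOW: fails if the entry became a symlink after the lstat
                child = os.open(name, DIR_FLAGS, dir_fd=fd)
            except OSError:
                continue
            yield from _walk(child)
    finally:
        os.close(fd)  # dirfd is only valid while the walk is inside this directory

def walkfd(top):
    yield from _walk(os.open(top, DIR_FLAGS))

def demo():
    """Constructed tree: root/a/f.txt and root/link -> directory outside root."""
    with tempfile.TemporaryDirectory() as root, \
         tempfile.TemporaryDirectory() as outside:
        os.mkdir(os.path.join(root, "a"))
        open(os.path.join(root, "a", "f.txt"), "w").close()
        open(os.path.join(outside, "secret.txt"), "w").close()
        os.symlink(outside, os.path.join(root, "link"))
        seen, kept = [], None
        for dirfd, subdirs, files in walkfd(root):
            seen.append((subdirs, files))
            if kept is None:
                kept = os.dup(dirfd)  # a caller that keeps a dirfd must dup it
        try:
            after = sorted(os.listdir(kept))  # still usable after the walk ended
        finally:
            os.close(kept)
        return seen, after

if __name__ == "__main__":
    print(demo())
```

The yielded descriptor belongs to the generator, so a consumer that needs it beyond the current iteration duplicates it, as demo() does for the root directory.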