Author larry
Recipients Arfrever, eric.araujo, ezio.melotti, georg.brandl, hynek, jcea, larry, loewis, mrts, ncoghlan, neologix, petri.lehtinen, pitrou, python-dev, rosslagerwall, schmir, tarek, teamnoir
Date 2012-06-28.11:22:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1340882549.88.0.883055659456.issue4489@psf.upfronthosting.co.za>
In-reply-to
Content
I'm not a security guy, but: shouldn't the os.unlink call when it isn't a directory specify follow_symlinks=False?  And wouldn't it be safer if the os.rmdir() call also used dir_fd=?


Additionally, I think you missed some stuff for shutil._use_fd_functions.  Assuming I'm right on both of the above, you should also check:
* os.listdir in os.supports_dir_fd
* os.rmdir in os.supports_dir_fd
* os.stat in os.supports_dir_fd
* os.stat in os.supports_follow_symlinks
* os.unlink in os.supports_follow_symlinks

I'd spell that
_use_fd_functions = ({os.listdir, os.open, os.rmdir, os.stat, os.unlink} < 
    os.supports_dir_fd and
    {os.stat, os.unlink} <= os.supports_follow_symlinks)


Finally, up to you, but I'd be tempted to change the "lstat" "and "fstat" calls to "stat" calls using the relevant parameters.
History
Date User Action Args
2012-06-28 11:22:29larrysetrecipients: + larry, loewis, georg.brandl, jcea, ncoghlan, pitrou, schmir, tarek, ezio.melotti, eric.araujo, Arfrever, mrts, neologix, teamnoir, rosslagerwall, python-dev, petri.lehtinen, hynek
2012-06-28 11:22:29larrysetmessageid: <1340882549.88.0.883055659456.issue4489@psf.upfronthosting.co.za>
2012-06-28 11:22:29larrylinkissue4489 messages
2012-06-28 11:22:28larrycreate