Message253213
> Suppose conditions:
> - Old linux kernel ignoring flag
> - malicious hacker force use of PLAIN FILE instead of directory
Is it a theorical bug, or are you able to reproduce it?
Old Linux kernel ignores the 0o20000000 bit but O_TMPFILE is 0o20000000 | os.O_DIRECTORY. So the kernel still ensures that the path is a directory. tempfile.TemporaryFile() tries to open the path with:
os.open(path, os.O_RDWR |os.O_EXCL | os.O_TMPFILE)
if the 0o20000000 bit is ignored by old kernel, it becomes:
os.open(path, os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
You cannot open a regular file with these flags:
>>> open('x', 'w').close()
>>> os.open('x', os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NotADirectoryError: [Errno 20] Not a directory: 'x'
You cannot open a directory with these flags:
>>> os.open('.', os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
IsADirectoryError: [Errno 21] Is a directory: '.'
Same behaviour for symbolic link to a regular file or to a directory.
Please open a new issue if you consider that you found a bug, but please write a short script reproducing the bug. |
|
Date |
User |
Action |
Args |
2015-10-20 07:54:21 | vstinner | set | recipients:
+ vstinner, georg.brandl, ncoghlan, pitrou, Arfrever, neologix, socketpair, python-dev, serhiy.storchaka, josh.r |
2015-10-20 07:54:21 | vstinner | set | messageid: <1445327661.53.0.0719362186468.issue21515@psf.upfronthosting.co.za> |
2015-10-20 07:54:21 | vstinner | link | issue21515 messages |
2015-10-20 07:54:20 | vstinner | create | |
|