Author vstinner
Recipients Arfrever, georg.brandl, josh.r, ncoghlan, neologix, pitrou, python-dev, serhiy.storchaka, socketpair, vstinner
Date 2015-10-20.07:54:20
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
> Suppose conditions:
> - Old linux kernel ignoring flag
> - malicious hacker force use of PLAIN FILE instead of directory

Is it a theorical bug, or are you able to reproduce it?

Old Linux kernel ignores the 0o20000000 bit but O_TMPFILE is 0o20000000 | os.O_DIRECTORY. So the kernel still ensures that the path is a directory. tempfile.TemporaryFile() tries to open the path with:, os.O_RDWR |os.O_EXCL | os.O_TMPFILE)

if the 0o20000000 bit is ignored by old kernel, it becomes:, os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)

You cannot open a regular file with these flags:

>>> open('x', 'w').close()
>>>'x', os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
NotADirectoryError: [Errno 20] Not a directory: 'x'

You cannot open a directory with these flags:

>>>'.', os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
IsADirectoryError: [Errno 21] Is a directory: '.'

Same behaviour for symbolic link to a regular file or to a directory.

Please open a new issue if you consider that you found a bug, but please write a short script reproducing the bug.
Date User Action Args
2015-10-20 07:54:21vstinnersetrecipients: + vstinner, georg.brandl, ncoghlan, pitrou, Arfrever, neologix, socketpair, python-dev, serhiy.storchaka, josh.r
2015-10-20 07:54:21vstinnersetmessageid: <>
2015-10-20 07:54:21vstinnerlinkissue21515 messages
2015-10-20 07:54:20vstinnercreate