Author vstinner
Recipients Arfrever, georg.brandl, josh.r, ncoghlan, neologix, pitrou, python-dev, serhiy.storchaka, socketpair, vstinner
Date 2015-10-20.07:54:20
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1445327661.53.0.0719362186468.issue21515@psf.upfronthosting.co.za>
In-reply-to
Content
> Suppose conditions:
> - Old linux kernel ignoring flag
> - malicious hacker force use of PLAIN FILE instead of directory

Is it a theorical bug, or are you able to reproduce it?

Old Linux kernel ignores the 0o20000000 bit but O_TMPFILE is 0o20000000 | os.O_DIRECTORY. So the kernel still ensures that the path is a directory. tempfile.TemporaryFile() tries to open the path with:

   os.open(path, os.O_RDWR |os.O_EXCL | os.O_TMPFILE)

if the 0o20000000 bit is ignored by old kernel, it becomes:

   os.open(path, os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)

You cannot open a regular file with these flags:

>>> open('x', 'w').close()
>>> os.open('x', os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
NotADirectoryError: [Errno 20] Not a directory: 'x'

You cannot open a directory with these flags:

>>> os.open('.', os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
IsADirectoryError: [Errno 21] Is a directory: '.'

Same behaviour for symbolic link to a regular file or to a directory.

Please open a new issue if you consider that you found a bug, but please write a short script reproducing the bug.
History
Date User Action Args
2015-10-20 07:54:21vstinnersetrecipients: + vstinner, georg.brandl, ncoghlan, pitrou, Arfrever, neologix, socketpair, python-dev, serhiy.storchaka, josh.r
2015-10-20 07:54:21vstinnersetmessageid: <1445327661.53.0.0719362186468.issue21515@psf.upfronthosting.co.za>
2015-10-20 07:54:21vstinnerlinkissue21515 messages
2015-10-20 07:54:20vstinnercreate