Message310479
This bug is about paths that compare *equal*, but refer to *different* files. I agree that the opposite is not much of a problem (and I said so in the original comment).
The reason I classified this as a security bug is that Python scripts using pathlib on Windows could be vulnerable in certain cases to an attacker that can choose file names. For example, the order in which paths are added to a set or dict could affect which of two files is seen by the script. If different parts of the script add files in different orders - which would normally be safe - the result could be similar to a TOCTTOU race.
I don't disagree that "doing a good enough job of case folding is better than ignoring it." I just think that pathlib should not case-fold strings that Windows filesystems don't.

Date | User | Action | Args
2018-01-23 07:55:57 | benrg | set | recipients: + benrg, paul.moore, pitrou, tim.golden, zach.ware, steve.dower
2018-01-23 07:55:57 | benrg | set | messageid: <1516694157.3.0.467229070634.issue32612@psf.upfronthosting.co.za>
2018-01-23 07:55:57 | benrg | link | issue32612 messages
2018-01-23 07:55:57 | benrg | create |
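
The set/dict ordering effect described in the message above, shown as an added example that is not part of the original message or of pathlib's own code, together with a check that flags such names before they are indexed. Assumptions: `PureWindowsPath` compares via `str.lower()` (CPython behaviour, not stated on this page), the sample names (U+212A KELVIN SIGN versus ASCII "k") are constructed, and `fs_key` is a hypothetical, simplified stand-in for the filesystem's upper-casing, not the real NTFS table.

```python
from pathlib import PureWindowsPath

# Constructed sample names: str.lower() maps U+212A KELVIN SIGN to ASCII "k",
# so pathlib compares these two names as equal.
KELVIN_NAME = "\u212a.txt"
ASCII_NAME = "k.txt"


def fs_key(name):
    """Assumed filesystem comparison key: per-code-point uppercase that never
    changes length. A simplified model, not the real NTFS upcase table."""
    out = []
    for ch in name:
        up = ch.upper()
        out.append(up if len(up) == 1 else ch)
    return "".join(out)


def build_index(names):
    """Index names by PureWindowsPath the way a script might. The first name
    inserted keeps the key; later names that compare equal are dropped."""
    index = {}
    for name in names:
        index.setdefault(PureWindowsPath(name), name)
    return index


def ambiguous_groups(names):
    """Return groups of names that pathlib treats as one path although the
    assumed filesystem model keeps them apart."""
    groups = {}
    for name in names:
        groups.setdefault(PureWindowsPath(name), []).append(name)
    return [sorted(g) for g in groups.values()
            if len({fs_key(n) for n in g}) > 1]


if __name__ == "__main__":
    # Same two names, different insertion order, different file "wins".
    print(list(build_index([KELVIN_NAME, ASCII_NAME]).values()))
    print(list(build_index([ASCII_NAME, KELVIN_NAME]).values()))
    # Ordinary case variants are not flagged; the Kelvin/ASCII pair is.
    listing = ["Report.txt", "report.TXT", KELVIN_NAME, ASCII_NAME]
    print(ambiguous_groups(listing))
```

Running `ambiguous_groups` over a directory listing before building any path-keyed set or dict lets a script reject or rename such names instead of silently keeping whichever one it saw first.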