Message40775
1) Do not attempt to exec a file which does not exist
just to find out what error the operating system
returns. This is an exploitable race on all platforms
that support symbolic links.
2) Immediately re-raise the exception if we get an
error other than errno.ENOENT or errno.ENOTDIR. This
may need to be adapted for other platforms.
(As a security issue, this should be considered for 2.1
and 2.2 as well as 2.3.)
|
|
Date |
User |
Action |
Args |
2007-08-23 15:14:28 | admin | link | issue590294 messages |
2007-08-23 15:14:28 | admin | create | |
|