Author christian.heimes
Recipients Mark.Shannon, christian.heimes
Date 2021-12-16.14:25:02
Message-id <1639664702.49.0.440239374685.issue46072@roundup.psfhosted.org>
Content
I just noticed that you are using hard-coded paths with /tmp for the pystats directory. That's problematic and opens the possibility of a symlink race attack.

Could you please add exclusive create to _Py_PrintSpecializationStats()? This will prevent symlink attacks. fopen() mode "x" is not generally available in all libcs. You have to combine open() and fdopen():

#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

int flags = O_WRONLY | O_CREAT | O_EXCL;   /* O_EXCL: fail if anything already exists at path */
#ifdef O_NOFOLLOW
flags |= O_NOFOLLOW;   /* never follow a symlink at the final path component */
#endif
#ifdef O_CLOEXEC
flags |= O_CLOEXEC;    /* don't leak the descriptor to child processes */
#endif

/* O_CREAT requires the third (mode) argument */
int fd = open(path, flags, 0644);
if (fd >= 0) {
    FILE *fout = fdopen(fd, "w");
    if (fout == NULL) {
        close(fd);     /* don't leak the descriptor if fdopen() fails */
    }
}
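The open()+fdopen() pattern described in the message, worked into a complete helper as an added example (this is not CPython's code and not part of the original message; the function names `open_new_exclusive` and `write_stats_exclusive` are hypothetical). A second call for the same path, or a path where an attacker has planted a symlink, is refused rather than followed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: create `path` exclusively and return a stdio stream,
 * or NULL with errno set. O_CREAT|O_EXCL fails if anything (regular file or
 * symlink) already exists at `path`, so a pre-planted symlink in /tmp cannot
 * redirect the write to a file the attacker chose. */
FILE *open_new_exclusive(const char *path)
{
    int flags = O_WRONLY | O_CREAT | O_EXCL;
#ifdef O_NOFOLLOW
    flags |= O_NOFOLLOW;   /* defence in depth: never follow a final-component symlink */
#endif
#ifdef O_CLOEXEC
    flags |= O_CLOEXEC;    /* do not leak the descriptor into child processes */
#endif
    int fd = open(path, flags, 0600);   /* mode is required with O_CREAT; owner-only */
    if (fd < 0) {
        return NULL;       /* errno is EEXIST (or ELOOP) when something was already there */
    }
    FILE *fout = fdopen(fd, "w");
    if (fout == NULL) {
        int saved = errno;
        close(fd);         /* fdopen() failed: do not leak the descriptor */
        errno = saved;
        return NULL;
    }
    return fout;
}

/* Returns 0 on success, -1 (errno set) if the path could not be created
 * exclusively or the write failed. The first writer of a path wins. */
int write_stats_exclusive(const char *path, const char *text)
{
    FILE *fout = open_new_exclusive(path);
    if (fout == NULL) {
        return -1;
    }
    int rc = (fputs(text, fout) == EOF) ? -1 : 0;
    if (fclose(fout) != 0) {
        rc = -1;
    }
    return rc;
}
```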