Nick Coghlan <ncogh...@gmail.com> added the comment: Correctly avoiding symlink attacks, which is the whole reason the POSIX *at variants and the dir_fd parameters were added, is not trivial in general. os.fwalk and shutil.rmtree went through many iterations before reaching a state where they should successfully avoid the problem.
Simply passing a (path, dir_fd) 2-tuple instead of a string and calling it done is highly unlikely to produce a secure result, thus rather missing the point of the exercise. ---------- nosy: +ncoghlan resolution: -> rejected stage: -> committed/rejected status: open -> closed _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15203> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
