Antoine Pitrou <pit...@free.fr> added the comment:
Le mercredi 05 janvier 2011 à 16:58 +0000, Ross Lagerwall a écrit :
> Ross Lagerwall <rosslagerw...@gmail.com> added the comment:
>
> Updated patch removes the race condition. Since an open follows symlinks, you
> can't just fstat the fd to see if it is a link. I followed the following to
> overcome this:
> https://www.securecoding.cert.org/confluence/display/seccode/POS35-C.+Avoid+race+conditions+while+checking+for+the+existence+of+a+symbolic+link
Nice. I am unsure about the following piece of code:
+ if stat.S_ISDIR(mode):
+ if stat.S_ISLNK(mode):
+ try:
+ raise OSError("Cannot call rmtree on a symbolic
link")
+ except OSError:
+ onerror(os.fstatat, (dirfd, name), sys.exc_info())
If rmtree() encounters a symlink *inside* the tree, I would expect it to
simply remove the symlink, rather than choke and abort (it's also what
the unsafe implementation does).
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue4489>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
