[issue23130] Tools/scripts/ftpmirror.py allows overwriting arbitrary files on filesystem

2014-12-30 Thread R. David Murray
R. David Murray added the comment:

I would guess that the most future-proof response to this would be to delete the script. If we do keep it, it should definitely be fixed.

--
nosy: +r.david.murray
___
Python tracker rep...@bugs.python.org

[issue23130] Tools/scripts/ftpmirror.py allows overwriting arbitrary files on filesystem

2014-12-30 Thread Roundup Robot
Roundup Robot added the comment:

New changeset 8f92ab37dd3a by Benjamin Peterson in branch '2.7':
delete old ftpmirror script, which now has security bugs (closes #23130)
https://hg.python.org/cpython/rev/8f92ab37dd3a

New changeset 223d0927e27d by Benjamin Peterson in branch '3.2':
delete old

[issue23130] Tools/scripts/ftpmirror.py allows overwriting arbitrary files on filesystem

2014-12-29 Thread Guido Vranken
New submission from Guido Vranken:

Tools/scripts/ftpmirror.py does not guard against arbitrary path constructions, and, given a connection to a malicious FTP server (or a man-in-the-middle attack), it is possible that any file on the client's filesystem gets overwritten. I.e., if we suppose
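The kind of guard the report says is missing, as an added example (not code from ftpmirror.py or from the tracker): a mirroring client resolves every server-supplied name against its mirror root and refuses any name that would land outside it. `safe_local_path`, `filter_listing`, `UnsafeRemoteName` and the sample listing are hypothetical names and constructed data.

```python
import os


class UnsafeRemoteName(ValueError):
    """Raised when a server-supplied name would escape the mirror root."""


def safe_local_path(mirror_root, remote_name):
    """Map a server-supplied name to a path strictly inside mirror_root."""
    if not remote_name or "\x00" in remote_name:
        raise UnsafeRemoteName(repr(remote_name))
    # FTP listings use '/', but an untrusted server can also send '\\'.
    name = remote_name.replace("\\", "/")
    # Reject absolute paths and drive-letter forms (conservative: this also
    # refuses harmless names whose second character is ':').
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        raise UnsafeRemoteName(repr(remote_name))
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise UnsafeRemoteName(repr(remote_name))
    root = os.path.realpath(mirror_root)
    candidate = os.path.realpath(os.path.join(root, *parts))
    # realpath resolves symlinks already present in the mirror tree, so a
    # link created by an earlier transfer cannot redirect the write either.
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafeRemoteName(repr(remote_name))
    return candidate


def filter_listing(mirror_root, names):
    """Split a listing into (accepted local paths, rejected names)."""
    accepted, rejected = [], []
    for n in names:
        try:
            accepted.append(safe_local_path(mirror_root, n))
        except UnsafeRemoteName:
            rejected.append(n)
    return accepted, rejected


# Constructed sample listing mixing ordinary and out-of-tree names.
SAMPLE_LISTING = ["README", "pub/file.txt", "../../etc/passwd",
                  "/etc/cron.d/job", "a/../../b", "..\\..\\boot.ini"]
```

Rejected names are worth logging with the server address: a listing that contains them is a sign of a hostile or tampered-with server rather than a transfer error.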