Message147080
| Author |
neologix |
| Recipients |
eric.araujo, hynek, mrts, neologix, petri.lehtinen, pitrou, rosslagerwall, schmir, tarek, teamnoir |
| Date |
2011年11月05日.11:56:48 |
| SpamBayes Score |
0.0043583987 |
| Marked as misclassified |
No |
| Message-id |
<1320494210.0.0.130351658855.issue4489@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
> FYI, I have a pathlib experiment in
> http://hg.python.org/features/pathlib/, with an optional openat-based
> accessor.
Interesting: I used to think that the current API for dealing with paths was a little too basic and terse.
Concerning this issue, one (last) thing: rmtree performs a depth-first traversal of the directory tree, keeping an open FD at each directory level: in case of deeply-nested directory hierarchy, or if there are many open FDs, there's the risk of running out of FDs.
I think the best thing would be to let rmtree fail (provided it closes all the FDs it opened): falling back to the "unsafe" version would be stupid (an attacker would just have to create a deeply-nested hierarchy, and then use the same old symlink race). |
|