Message164245
| Author |
larry |
| Recipients |
Arfrever, eric.araujo, ezio.melotti, georg.brandl, hynek, jcea, larry, loewis, mrts, ncoghlan, neologix, petri.lehtinen, pitrou, python-dev, rosslagerwall, schmir, tarek, teamnoir |
| Date |
2012年06月28日.11:22:28 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1340882549.88.0.883055659456.issue4489@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
I'm not a security guy, but: shouldn't the os.unlink call when it isn't a directory specify follow_symlinks=False? And wouldn't it be safer if the os.rmdir() call also used dir_fd=?
Additionally, I think you missed some stuff for shutil._use_fd_functions. Assuming I'm right on both of the above, you should also check:
* os.listdir in os.supports_dir_fd
* os.rmdir in os.supports_dir_fd
* os.stat in os.supports_dir_fd
* os.stat in os.supports_follow_symlinks
* os.unlink in os.supports_follow_symlinks
I'd spell that
_use_fd_functions = ({os.listdir, os.open, os.rmdir, os.stat, os.unlink} <
os.supports_dir_fd and
{os.stat, os.unlink} <= os.supports_follow_symlinks)
Finally, up to you, but I'd be tempted to change the "lstat" "and "fstat" calls to "stat" calls using the relevant parameters. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2012年06月28日 11:22:29 | larry | set | recipients:
+ larry, loewis, georg.brandl, jcea, ncoghlan, pitrou, schmir, tarek, ezio.melotti, eric.araujo, Arfrever, mrts, neologix, teamnoir, rosslagerwall, python-dev, petri.lehtinen, hynek |
| 2012年06月28日 11:22:29 | larry | set | messageid: <1340882549.88.0.883055659456.issue4489@psf.upfronthosting.co.za> |
| 2012年06月28日 11:22:29 | larry | link | issue4489 messages |
| 2012年06月28日 11:22:28 | larry | create |
|