[issue13734] Add a generic directory walker method to avoid symlink attacks
Charles-François Natali
report at bugs.python.org
Tue Jan 31 14:45:50 CET 2012
Charles-François Natali <neologix at free.fr> added the comment:
> Given that, flistdir() and fwalk() seem like the most consistent choices of name for APIs that aren't directly
> matching an underlying POSIX function name.
Well, that seems OK for me.
I guess the only reason fdlistdir() is named that way is because of
fdopendir(3).
I can make the change for fwalk(), and since 3.3 hasn't been released
yet, I guess we can rename fdlistdir() too.
> There's something I don't understand in the patch: why does _are_same_file examine st_mode?
It doesn't have to, that's actually useless.
The only thing that bothers me is that it needs O(height of directory
tree), so with really deep directory trees, we could run out of FDs.
Not sure that could be a problem in practice, but that's something to
keep in mind.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13734>
_______________________________________
More information about the Python-bugs-list
mailing list