[Python-Dev] Backward compatibility of shutil.rmtree

Hynek Schlawack hs at ox.cx
Sun May 20 13:58:38 CEST 2012


Hi,

as our shutil.rmtree() is vulnerable to symlink attacks (see
<http://bugs.python.org/issue4489>) I’ve implemented a safe version
using os.fwalk() and os.unlinkat() for Python 3.3.

Now we face a problem I’d like a broad opinion on: rmtree has a callback
hook called `onerror` that gets called with, amongst others, the
function that caused the error (see
<http://docs.python.org/dev/library/shutil.html#shutil.rmtree>).

Two of them differ in the new version: os.fwalk() is used instead of
os.listdir() and os.unlinkat() instead of os.remove().

The safe version is used transparently if available, so this could
potentially break code. Also it would mean that rmtree would behave
differently on Linux & OS X for example.

I’ve been thinking to "fake" the function names, as they map pretty well
anyway. I.e. call onerror with os.listdir if os.fwalk failed and with
os.remove instead of os.unlinkat. That could also make sense if some
kind soul writes a safe rmtree for Windows or OS X so the function works
the same across all platforms. It's a bit ugly though; a cleaner way
would be to start using well-defined symbols, but that would break code
for sure.

Opinions?

Cheers,
Hynek
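
An added example, not part of the original message or of CPython: an rmtree error hook that maps the reported function to a logical step instead of testing identity against one function, which is the kind of caller code the compatibility question above is about. The `_STEPS` grouping and all helper names are assumptions; `shutil.rmtree.avoids_symlink_attacks` and the `onexc` parameter come from later Python releases and are looked up defensively.

```python
import inspect
import os
import shutil
import tempfile

# Assumed grouping (not from the post): os functions rmtree may report, keyed
# by logical step. Names missing on a platform/version resolve to None below.
_STEPS = {
    "list": ("listdir", "scandir", "fwalk"),
    "stat": ("lstat", "stat"),
    "remove": ("remove", "unlink", "unlinkat"),
    "rmdir": ("rmdir",),
}


def classify(func):
    """Return the logical step for a function handed to the error hook."""
    for step, names in _STEPS.items():
        if any(func is getattr(os, n, None) for n in names):
            return step
    return "other"


def fragile_is_remove_failure(func):
    """Identity test that silently stops matching if rmtree's callee changes."""
    return func is os.remove


def rmtree_collect(path):
    """Run shutil.rmtree and return [(step, path)] for every reported error."""
    errors = []

    def hook(func, failed_path, _exc):
        errors.append((classify(func), os.fspath(failed_path)))

    # Newer Pythons name the hook onexc; the post's onerror is the fallback.
    params = inspect.signature(shutil.rmtree).parameters
    shutil.rmtree(path, **{"onexc" if "onexc" in params else "onerror": hook})
    return errors


def uses_safe_rmtree():
    """True when this platform's rmtree is the fd-based, symlink-safe one."""
    return bool(getattr(shutil.rmtree, "avoids_symlink_attacks", False))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample input
        print(uses_safe_rmtree(), rmtree_collect(os.path.join(d, "gone")))
```

Which function is reported for the same failure depends on the Python version and platform, so the hook records the step rather than the function object.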

