[New-bugs-announce] [issue20979] Calling getdents()/readdir64() repeatedly while closing descriptors provides unexpected behaviour.
Марк Коренберг
report at bugs.python.org
Wed Mar 19 15:53:46 CET 2014
New submission from Марк Коренберг:
1. Please see last comments/patches for issue8052
2. Not closing some descriptos is security breach (PEP-0446 describes that)
=================
Calling getdents()/readdir64() repeatedly while closing descriptors provides unexpected behaviour. Reading directory while it modified is not safe by default. For example: http://en.it-usenet.org/thread/18514/15719/.
So, we should re-open directory if we received full array of structures. I don't know if just lseek(dirfd, 0) sufficies.
Please reopen bug, as Linux behaviour of stable reading /proc/<pid>/fd may be broken in future without any error at python side (!) (typically, second call returns empty list if dir was modified)
=================
Also, please check exit code of getdents() instead of just ignoring error and NOT closing file descriptors.
=================
P.S. Please set affected python versions...
----------
components: Library (Lib)
messages: 214100
nosy: mmarkk
priority: normal
severity: normal
status: open
title: Calling getdents()/readdir64() repeatedly while closing descriptors provides unexpected behaviour.
type: security
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20979>
_______________________________________
More information about the New-bugs-announce
mailing list