[issue4489] shutil.rmtree is vulnerable to a symlink attack
Arfrever Frehtes Taifersar Arahesis
report at bugs.python.org
Wed Jun 27 22:32:16 CEST 2012
Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA at GMail.Com> added the comment:
The fix (c910af2e3c98 + 53fc7f59c7bb) for this issue broke deletion of directories, which contain symlinks to directories.
(Directories with symlinks to regular files or symlinks to nonexistent files are unaffected.)
$ mkdir -p /tmp/a/b
$ ln -s b /tmp/a/c
$ python3.2 -c 'import shutil; shutil.rmtree("/tmp/a")'
$ mkdir -p /tmp/a/b
$ ln -s b /tmp/a/c
$ python3.3 -c 'import shutil; shutil.rmtree("/tmp/a")'
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib64/python3.3/shutil.py", line 447, in rmtree
_rmtree_safe_fd(fd, path, onerror)
File "/usr/lib64/python3.3/shutil.py", line 395, in _rmtree_safe_fd
_rmtree_safe_fd(dirfd, fullname, onerror)
File "/usr/lib64/python3.3/shutil.py", line 406, in _rmtree_safe_fd
onerror(os.rmdir, path, sys.exc_info())
File "/usr/lib64/python3.3/shutil.py", line 404, in _rmtree_safe_fd
os.rmdir(path)
NotADirectoryError: [Errno 20] Not a directory: '/tmp/a/c'
$
----------
resolution: fixed ->
stage: committed/rejected ->
status: closed -> open
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue4489>
_______________________________________
More information about the Python-bugs-list
mailing list