[issue4489] shutil.rmtree is vulnerable to a symlink attack

Hynek Schlawack report at bugs.python.org
Sat May 19 17:28:05 CEST 2012


Hynek Schlawack <hs at ox.cx> added the comment:

I'm taking Charles-François' review comments here.

> 1. since fwalk() uses O(depth directory tree) file descriptors, we might run out
> of FD on really deep directory hierarchies. It shouldn't be a problem in
> practice

Should I mention it in the docs? The old one uses recursion and we don't warn about the stack too...

> 2. there is a slight API change, since the API exposes the function that
> triggered the failure. I don't think there's a lot of code that depends on
> this, but it's definitely a change

I was pondering whether I should "fake" the method names as they pretty much map: listdir instead of fwalk and unlink instead of unlink at… what do you all think about that?

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue4489>
_______________________________________
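
The descriptor-relative deletion discussed in the message above, as an added example that is not part of the original message and is not the patch under review. `safe_rmtree`, `demo` and the `peak_fds` counter are hypothetical names, and the code assumes a POSIX system with Python 3.3+ where `os.listdir` accepts a file descriptor. It shows both points from the review: a symlink inside the tree is unlinked rather than followed, and one directory descriptor stays open per level of nesting.

```python
import os
import stat
import tempfile

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def _remove_children(dirfd, depth, stats):
    # One directory fd stays open per level of nesting: O(depth) descriptors.
    stats["peak_fds"] = max(stats["peak_fds"], depth)
    for name in os.listdir(dirfd):
        # lstat relative to the open directory, never via a full path string
        st = os.stat(name, dir_fd=dirfd, follow_symlinks=False)
        if stat.S_ISDIR(st.st_mode):
            # O_NOFOLLOW makes this fail if the entry was swapped for a symlink
            fd = os.open(name, DIR_FLAGS, dir_fd=dirfd)
            try:
                _remove_children(fd, depth + 1, stats)
            finally:
                os.close(fd)
            os.rmdir(name, dir_fd=dirfd)
        else:
            # Symlinks land here: the link is unlinked, its target is untouched
            os.unlink(name, dir_fd=dirfd)

def safe_rmtree(path):
    """Hypothetical helper: delete the tree at path using fd-relative calls."""
    stats = {"peak_fds": 0}
    top = os.open(path, DIR_FLAGS)  # raises OSError if path itself is a symlink
    try:
        _remove_children(top, 1, stats)
    finally:
        os.close(top)
    os.rmdir(path)
    return stats

def demo():
    # Constructed layout: tree/a/b/c/f.txt plus tree/link -> outside/
    base = tempfile.mkdtemp()
    outside, tree = os.path.join(base, "outside"), os.path.join(base, "tree")
    deep = os.path.join(tree, "a", "b", "c")
    os.makedirs(deep)
    os.mkdir(outside)
    for p in (os.path.join(outside, "keep.txt"), os.path.join(deep, "f.txt")):
        open(p, "w").close()
    os.symlink(outside, os.path.join(tree, "link"))
    stats = safe_rmtree(tree)
    survived = os.path.exists(os.path.join(outside, "keep.txt"))
    return survived, not os.path.exists(tree), stats["peak_fds"]
```
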

