On Sun, Jun 24, 2012 at 2:18 AM, hynek.schlawack <python-check...@python.org> wrote: > http://hg.python.org/cpython/rev/c910af2e3c98 > changeset: 77635:c910af2e3c98 > user: Hynek Schlawack <h...@ox.cx> > date: Sat Jun 23 17:58:42 2012 +0200 > summary: > #4489: Add a shutil.rmtree that isn't suspectible to symlink attacks > > It is used automatically on platforms supporting the necessary os.openat() and > os.unlinkat() functions. Main code by Martin von Löwis.
Unfortunately, this isn't actually having any effect at the moment since the os module APIs changed for the beta release. The "hasattr(os, 'unlinkat')" and "hasattr(os, 'openat')" checks need to become "os.unlink in os.supports_dir_fd" and "os.open in os.supports_dir_fd", and the affected calls need to be updated to pass "dir_fd" as an argument to the normal versions of the functions. At least we know the graceful fallback to the old behaviour is indeed graceful, though :) Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
