[issue24558] shutil.copytree with symlinks=True opens vulnerabilities

Changes by R. David Murray : -- resolution: rejected -> not a bug stage: -> resolved ___ Python tracker ___ ___ Python-bugs-list mail

[issue24558] shutil.copytree with symlinks=True opens vulnerabilities

SpaceOne added the comment: argh. sorry. I did not read the following lines in my environment which caused this by a recursive chown. -- resolution: -> rejected status: open -> closed ___ Python tracker _

[issue24558] shutil.copytree with symlinks=True opens vulnerabilities

R. David Murray added the comment: I don't understand your workaround (how is that different from just using the default value of symlinks?) It sounds like what you are reporting is that copystat is incorrectly setting permissions on a file a symlink points to instead of on the symlink itself

[issue24558] shutil.copytree with symlinks=True opens vulnerabilities

SpaceOne added the comment: my workaround is: import os.path def ignore(src, names): return [name for name in names if os.path.islink(os.path.join(src, name))] shutil.copytree(src, dst, ignore=ignore) -- ___ Python tracker

[issue24558] shutil.copytree with symlinks=True opens vulnerabilities

New submission from SpaceOne: shutil.copytree(src, dst, symlink=True) destroys file system permissions and open security issues. See the following python/bash session: # ls -l /etc/shadow -rw-r- 1 root shadow 1114 May 8 19:10 /etc/shadow # su foobar $ ln -s /etc/shadow && exit # python -c