[issue15100] Race conditions in shutil.copy, shutil.copy2 and shutil.copyfile

2018-08-13 Thread Jim Jewett


Jim Jewett  added the comment:

(Note:  I am talking only about the disclosure issue; file corruption would 
ideally be fixed as far back as possible, though I would be somewhat 
sympathetic to a "nah, that ain't security, too late" argument.)

My current UI shows this as relevant to every release *except* 3.4 and 3.8.  If 
it is really 3.4 only, I think it should be closed -- anyone still using 3.4 
*and* able to install from source is likely to be more upset by unexpected (and 
possibly silent) breakage of an existing process than new exploits of a 6 year 
old bug.  

If it really does apply to 3.5-3.7, then it would be good to do the same fix in 
all (and to match 3.8, which presumably is also affected, and simply wasn't 
available to check when the Versions were last set).

If, for some reason, the *right* fix on 3.8 (or at least 3.7 or 3.6) doesn't 
apply to earlier 3.x versions, I suggest closing it as won't-fix on those older 
versions.

That said, I'm probably the wrong person to verify which versions are affected, 
so consider this as only soft support for Release Manager to do so if this 
continues to languish.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



2018-06-12 Thread Giampaolo Rodola'


Change by Giampaolo Rodola' :


--
nosy: +giampaolo.rodola

2016-10-14 Thread Julien Muchembled

Changes by Julien Muchembled :


--
nosy: +jm

2016-09-08 Thread Christian Heimes

Changes by Christian Heimes :


--
priority: normal -> high
versions: +Python 2.7, Python 3.5, Python 3.6, Python 3.7 -Python 3.4

2014-03-18 Thread Jim Jewett

Jim Jewett added the comment:

Is this really only 3.4?  Since it is security-related, it seems like it should 
be at least considered for older versions as well.

--
nosy: +Jim.Jewett

2013-03-24 Thread Charles-François Natali

Charles-François Natali added the comment:

That shouldn't be too complicated, but does Windows have fchmod() & Co?

--

2013-03-24 Thread Antoine Pitrou

Antoine Pitrou added the comment:

Windows doesn't have fchmod(), but chmod() doesn't do much on it either:

“Although Windows supports chmod(), you can only set the file’s read-only flag 
with it (via the stat.S_IWRITE and stat.S_IREAD constants or a corresponding 
integer value). All other bits are ignored.”

(Windows has a sophisticated file permissions scheme, but you probably need to 
use native APIs to effect them)

--

2013-03-23 Thread Arfrever Frehtes Taifersar Arahesis

Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:


--
nosy: +Arfrever

2013-03-23 Thread Antoine Pitrou

Changes by Antoine Pitrou pit...@free.fr:


--
nosy: +neologix

2012-07-05 Thread Brad Tilley
> Additionally, shutil.copyfile procedure seems to have a problem with
> symlinks that could result in the corruption of content of any file on
> filesystem (in favorable conditions).

---

Does the shutil.copyfile corruption issue impact Python 2.6? And, what
sort of favorable conditions need to exist for this to happen? I ask
because we are seeing some file corruption on a GPFS filesystem where we
are using Python 2.6 and shutil.copyfile with symlinks.

I'm not on this list, so cc me if you reply to the list and want me to see
the response.

Thanks,

Brad

2012-06-24 Thread Hynek Schlawack

Changes by Hynek Schlawack h...@ox.cx:


--
versions: +Python 3.4 -Python 3.3

2012-06-19 Thread Hynek Schlawack

Hynek Schlawack h...@ox.cx added the comment:

It's not that simple as we currently use public functions for copying the files 
and the metadata. copyfile is explicitly _not_ supposed to copy any metadata so 
we can't patch it up to do so. Also that won't help for other stat & xattr data 
so this fix would be rather incomplete.

umask is ruled out too, because that isn't (if I'm not mistaken) thread safe 
thus wouldn't help against stat & xattr disclosures anyway.

Therefore we'll have to re-implement the whole metadata stack for copy and 
copy2 using fd-based functions. Taking into account #4489, I guess it's the 
best way (+ hoping someone implements safe versions for other platforms too).

The mode itself can also be copied pretty easily using a custom opener for open 
(os.open has a mode argument).

I doubt I will be able to do that till beta1 though. But I suppose we can 
commit this while in the betas?

--
keywords:  -patch
nosy: +loewis, pitrou
stage:  -> needs patch
versions: +Python 3.3 -Python 2.7, Python 3.2

2012-06-18 Thread Radoslaw A. Zarzynski

New submission from Radoslaw A. Zarzynski 
radoslaw.zarzyn...@student.put.poznan.pl:

shutil.copy and shutil.copy2 first copy a file's content and afterwards
change the permissions of the destination file. Unfortunately, the sequence isn't 
atomic and may lead to disclosure of matter of any file that is being 
duplicated.

Additionally, shutil.copyfile procedure seems to have a problem with symlinks 
that could result in the corruption of content of any file on filesystem (in 
favorable conditions).

Some functions from shutil module that depend on copy[2] (and thus copyfile) 
are vulnerable too.
For example, shutil.move is using copy2 when os.rename fails because of file 
transfer between filesystems.

I have attached listing from strace(1) system utility below that illustrates 
the disclosure problem.

# ls -l ./shutil_test
-r-------- 1 root root 10 06-18 11:42 shutil_test

# strace -- python -c "import shutil; shutil.move('./shutil_test', '/tmp')"
<many irrelevant lines>
open("./shutil_test", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0400, st_size=10, ...}) = 0
open("/tmp/shutil_test", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
fstat(3, {st_mode=S_IFREG|0400, st_size=10, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd82e13e000
read(3, "blablabla\n", 16384) = 10
read(3, "", 12288) = 0
fstat(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd82e13d000
read(3, "", 16384) = 0
write(4, "blablabla\n", 10) = 10
close(4) = 0
munmap(0x7fd82e13d000, 4096) = 0
close(3) = 0
munmap(0x7fd82e13e000, 4096) = 0
stat("./shutil_test", {st_mode=S_IFREG|0400, st_size=10, ...}) = 0
utimes("/tmp/shutil_test", {{1340012952, 0}, {1340012539, 0}}) = 0
chmod("/tmp/shutil_test", 0400) = 0

A quick fix for the first issue could rely on os.umask, but a much more elegant 
and composite solution might use a combination of os.open, os.fchmod and 
os.fdopen instead of open(dst, 'wb') in the shutil.copyfile procedure, which 
additionally rectifies the problem with the symlink attack.
However, I am not sure that the last one is portable and won't mess with 
other code.
I have prepared *untested* patches for both propositions.

Best regards,
Radoslaw A. Zarzynski

--
components: Library (Lib)
files: python_shutil_copyfile.diff
keywords: patch
messages: 163096
nosy: radoslaw.zarzynski
priority: normal
severity: normal
status: open
title: Race conditions in shutil.copy, shutil.copy2 and shutil.copyfile
type: security
versions: Python 2.7, Python 3.2
Added file: http://bugs.python.org/file26042/python_shutil_copyfile.diff

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15100
___
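
The fd-based approach discussed in this thread (os.open with a restrictive mode through a custom opener, then os.fchmod on the open descriptor), as an added example that is not one of the patches attached to the issue. The names copy_private and demo are hypothetical, the files are constructed in a temporary directory, and the sketch assumes it is acceptable to refuse an existing destination instead of overwriting it.

```python
import os
import shutil
import stat
import tempfile


def copy_private(src, dst):
    """Copy src to dst; return (mode while writing, final mode) of dst."""
    nofollow = getattr(os, "O_NOFOLLOW", 0)  # not defined on Windows

    def opener(path, flags):
        # O_EXCL fails on any existing path, including a planted symlink;
        # 0o600 keeps dst owner-only while the data is being written.
        return os.open(path, flags | os.O_EXCL | nofollow, 0o600)

    with open(src, "rb") as fsrc, open(dst, "xb", opener=opener) as fdst:
        src_mode = stat.S_IMODE(os.fstat(fsrc.fileno()).st_mode)
        writing_mode = stat.S_IMODE(os.fstat(fdst.fileno()).st_mode)
        shutil.copyfileobj(fsrc, fdst)
        fdst.flush()
        if hasattr(os, "fchmod"):
            os.fchmod(fdst.fileno(), src_mode)  # acts on the fd, not the path
        else:
            os.chmod(dst, src_mode)  # Windows: only the read-only flag applies
    return writing_mode, src_mode


def demo():
    """Run the copy on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "shutil_test"), os.path.join(d, "copy")
        victim, link = os.path.join(d, "victim"), os.path.join(d, "link")
        with open(src, "w") as f:
            f.write("blablabla\n")
        os.chmod(src, 0o400)  # same mode as the file in the strace listing
        with open(victim, "w") as f:
            f.write("untouched")
        os.symlink(victim, link)

        writing_mode, _ = copy_private(src, dst)
        try:
            copy_private(src, link)  # dst is a pre-existing symlink
            refused = False
        except FileExistsError:
            refused = True
        with open(victim) as f:
            victim_data = f.read()
        dst_mode = stat.S_IMODE(os.stat(dst).st_mode)
        return writing_mode, dst_mode, refused, victim_data
```

Compare the mode while writing with the 0644 reported by fstat(4, ...) in the strace listing: here the destination carries no group or other bits at any point before the final mode is applied.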



2012-06-18 Thread Radoslaw A. Zarzynski

Changes by Radoslaw A. Zarzynski radoslaw.zarzyn...@student.put.poznan.pl:


Added file: http://bugs.python.org/file26043/python_shutil_copy_with_umask.diff

2012-06-18 Thread Florent Xicluna

Changes by Florent Xicluna florent.xicl...@gmail.com:


--
components: +IO
nosy: +flox

2012-06-18 Thread Hynek Schlawack

Changes by Hynek Schlawack h...@ox.cx:


--
nosy: +hynek
