Re: [Python-Dev] [Python-checkins] cpython (2.7): Fix closes issue10761: tarfile.extractall failure when symlinked files are

On Thu, Apr 28, 2011 at 04:20:06PM +0200, Éric Araujo wrote:          if hasattr(os, symlink) and hasattr(os, link):              # For systems that support symbolic and hard links.              if tarinfo.issym(): +                if os.path.exists(targetpath): +                  

Re: [Python-Dev] [Python-checkins] cpython (2.7): Fix closes issue10761: tarfile.extractall failure when symlinked files are

On Fri, Apr 29, 2011 at 4:26 PM, Eli Bendersky eli...@gmail.com wrote: On Thu, Apr 28, 2011 at 04:20:06PM +0200, Éric Araujo wrote: The kind of race condition which can happen here is if an attacker creates targetpath between os.path.exists and os.unlink. Whether it is an exploitable flaw

Re: [Python-Dev] [Python-checkins] cpython (2.7): Fix closes issue10761: tarfile.extractall failure when symlinked files are

On Fri, Apr 29, 2011 at 09:52, Nick Coghlan ncogh...@gmail.com wrote: On Fri, Apr 29, 2011 at 4:26 PM, Eli Bendersky eli...@gmail.com wrote: On Thu, Apr 28, 2011 at 04:20:06PM +0200, Éric Araujo wrote: The kind of race condition which can happen here is if an attacker creates targetpath

Re: [Python-Dev] [Python-checkins] cpython (2.7): Fix closes issue10761: tarfile.extractall failure when symlinked files are

On Fri, Apr 29, 2011 at 10:02 AM, Eli Bendersky eli...@gmail.com wrote: I completely understand this other code/thread deletes the path between exists() and unlink() case - it indeed is a race condition waiting to happen. What I didn't understand was Antoine's example of attacker creates

Re: [Python-Dev] [Python-checkins] cpython (2.7): Fix closes issue10761: tarfile.extractall failure when symlinked files are

Hi, I’m still educating myself about concurrency and race conditions, so I hope my naïve question won’t be just a waste of time. Here it is: http://hg.python.org/cpython/rev/0c8bc3a0130a user:Senthil Kumaran orsent...@gmail.com summary: Fix closes issue10761: tarfile.extractall

Re: [Python-Dev] [Python-checkins] cpython (2.7): Fix closes issue10761: tarfile.extractall failure when symlinked files are

On Thu, Apr 28, 2011 at 04:20:06PM +0200, Éric Araujo wrote: if hasattr(os, symlink) and hasattr(os, link): # For systems that support symbolic and hard links. if tarinfo.issym(): +if os.path.exists(targetpath): +

Re: [Python-Dev] [Python-checkins] cpython (2.7): Fix closes issue10761: tarfile.extractall failure when symlinked files are

On Thu, 28 Apr 2011 22:44:50 +0800 Senthil Kumaran orsent...@gmail.com wrote: On Thu, Apr 28, 2011 at 04:20:06PM +0200, Éric Araujo wrote: if hasattr(os, symlink) and hasattr(os, link): # For systems that support symbolic and hard links. if

Re: [Python-Dev] [Python-checkins] cpython (2.7): Fix closes issue10761: tarfile.extractall failure when symlinked files are

On Thu, Apr 28, 2011 at 4:44 PM, Senthil Kumaran orsent...@gmail.com wrote: On Thu, Apr 28, 2011 at 04:20:06PM +0200, Éric Araujo wrote: if hasattr(os, symlink) and hasattr(os, link): # For systems that support symbolic and hard links. if tarinfo.issym():