Re: Does This Scare You?

On Thu, Sep 8, 2016 at 1:30 AM, Lawrence D’Oliveiro wrote: > On Monday, August 22, 2016 at 4:18:39 PM UTC+12, eryk sun wrote: >> It would help to consult a reverse-engineered implementation of >> RtlGetFullPathName_Ustr and RtlIsDosDeviceName_Ustr. I'll check the >>

Re: Does This Scare You?

On Monday, August 22, 2016 at 4:18:39 PM UTC+12, eryk sun wrote: > It would help to consult a reverse-engineered implementation of > RtlGetFullPathName_Ustr and RtlIsDosDeviceName_Ustr. I'll check the > ReactOS source code. This

Re: Does This Scare You?

On Fri, Aug 26, 2016 at 11:28 AM, Jon Ribbens wrote: > On 2016-08-24, Chris Angelico wrote: >> On Thu, Aug 25, 2016 at 7:00 AM, eryk sun wrote: >>> I discovered why "Logs/con.txt" isn't working right in Windows 7, >>> while

Re: Does This Scare You?

On 2016-08-24, Chris Angelico wrote: > On Thu, Aug 25, 2016 at 7:00 AM, eryk sun wrote: >> I discovered why "Logs/con.txt" isn't working right in Windows 7, >> while "Logs/nul.txt" does get redirected correctly to r"\\.\nul". >> Prior to Windows 8 the console

Re: Does This Scare You?

On Thu, Aug 25, 2016 at 7:00 AM, eryk sun wrote: > I discovered why "Logs/con.txt" isn't working right in Windows 7, > while "Logs/nul.txt" does get redirected correctly to r"\\.\nul". > Prior to Windows 8 the console doesn't use an NT device, so the base > API has a function

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 5:24 PM, Chris Angelico wrote: > On Tue, Aug 23, 2016 at 3:13 AM, eryk sun wrote: >> On Mon, Aug 22, 2016 at 4:18 PM, Chris Angelico wrote: >>> The CON device should work if the process is attached to a console

Re: Does This Scare You?

On 08/19/2016 06:11 PM, Wildman via Python-list wrote: Since I am fairly new to Python, I realize there is much that I still don't know but I don't understand how Windows can have reserved names on a Linux system. What am I missing? A PureWindowsPath (and PurePosixPath and PurePath) is a

Re: Does This Scare You?

On Mon, 22 Aug 2016 17:27:13 +, Jon Ribbens wrote: > On 2016-08-22, Chris Angelico wrote: >> I tried things like "con.txt" and it simply failed (no such file or >> directory), without printing anything to the console. > > I'm not sure how you got that to fail, but writing

Re: Does This Scare You?

On 2016-08-22, Steve D'Aprano wrote: > I'm not really sure what the question is -- we've established that there's a > bug in the non-Windows implementation that tries to emulate Window's > behaviour. What else is there to argue about? It doesn't seem to be "the

Re: Does This Scare You?

On Tue, 23 Aug 2016 03:13 am, eryk sun wrote: > But if they open files > like "C:\Users\JoeUser\Documents\Nul.20160822.doc", I want to make > sure they know that they just asked to save to "\\.\NUL". It's not a > common problem. I just find the system's behavior abhorrent. I'd like > to have a

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Tue, Aug 23, 2016 at 3:32 AM, Tim Chase wrote: > On 2016-08-23 02:20, Chris Angelico wrote: >> It generally will (or rather, only if the file has one of a >> particular set of extensions). Automatic thumbnailing is usually >> done only for certain file names. I

Re: Does This Scare You?

On 2016-08-22, Steve D'Aprano wrote: > On Mon, 22 Aug 2016 09:50 pm, Jon Ribbens wrote: >> I don't know what purpose you are envisaging this function being used >> for, but the only one I can think of is input sanitisation. e.g. a web >> form where you receive a file

Re: Does This Scare You?

On 2016-08-22 22:39, Chris Angelico wrote: > Nope. On Windows, you would try/except it. There are myriad other > ways something could fail, and the only correct action is to > attempt it. Most of the reserved names will simply give an error; The problem is that when opening such a pseudo-file,

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On 2016-08-23 02:20, Chris Angelico wrote: > It generally will (or rather, only if the file has one of a > particular set of extensions). Automatic thumbnailing is usually > done only for certain file names. I don't know of anything that > opens every single file to see if it has a JFIF signature

Re: Does This Scare You?

On 2016-08-22, Chris Angelico wrote: > I tried things like "con.txt" and it simply failed (no such file or > directory), without printing anything to the console. I'm not sure how you got that to fail, but writing to "con.txt" certainly does write to the console in Windows 10 -

Re: Does This Scare You?

On Tue, Aug 23, 2016 at 3:13 AM, eryk sun wrote: > On Mon, Aug 22, 2016 at 4:18 PM, Chris Angelico wrote: >> >>> The CON device should work if the process is attached to a console >>> (i.e. a conhost.exe instance). >> >> No, I used Pike (to avoid any

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 4:18 PM, Chris Angelico wrote: > >> The CON device should work if the process is attached to a console >> (i.e. a conhost.exe instance). > > No, I used Pike (to avoid any specifically-Python issues or > protections) running in a console. Attempting to

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Mon, Aug 22, 2016 at 3:40 PM, Chris Angelico wrote: > Windows has some other issues, including that arbitrary files can > become executable very easily (eg if %PATHEXT% includes its file > extension), cmd uses PATHEXT to augment its search by appending each extension in the

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Tue, Aug 23, 2016 at 1:56 AM, Random832 wrote: >> And any GUI that automatically calculates thumbnails from >> image files (this includes Windows, Mac OS, and more than one Linux >> window manager) could potentially be attacked via a malformed file, >> simply by having

Re: Does This Scare You?

On Tue, Aug 23, 2016 at 1:54 AM, eryk sun wrote: > On Mon, Aug 22, 2016 at 1:17 PM, Chris Angelico wrote: >> I tried things like "con.txt" and it simply failed (no such file or >> directory), without printing anything to the console. > > Are you using IDLE or

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Mon, Aug 22, 2016, at 11:40, Chris Angelico wrote: > Windows has some other issues, including that arbitrary files can > become executable very easily (eg if %PATHEXT% includes its file > extension), and since the current directory is always at the beginning > of your path, this can easily turn

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 1:17 PM, Chris Angelico wrote: > I tried things like "con.txt" and it simply failed (no such file or > directory), without printing anything to the console. Are you using IDLE or some other IDE that uses pythonw.exe instead of python.exe? If so, first

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Tue, Aug 23, 2016 at 12:21 AM, Ben Finney wrote: > > So yes, filenames from arbitrary sources should be *completely* > untrusted, and never used to access any file on the system. Throw the > entire filename away and make a filename locally, without using any part >

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Tue, Aug 23, 2016 at 12:34 AM, Random832 wrote: > On Mon, Aug 22, 2016, at 10:21, Ben Finney wrote: >> So yes, filenames from arbitrary sources should be *completely* >> untrusted, and never used to access any file on the system. Throw the >> entire filename away and

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On 2016-08-23 00:21, Ben Finney wrote: > So yes, filenames from arbitrary sources should be *completely* > untrusted, and never used to access any file on the system. Throw > the entire filename away and make a filename locally, without using > any part of the original name. Sadly, this ideal

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Mon, Aug 22, 2016, at 10:21, Ben Finney wrote: > So yes, filenames from arbitrary sources should be *completely* > untrusted, and never used to access any file on the system. Throw the > entire filename away and make a filename locally, without using any part > of the original name. To be

The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

Chris Angelico writes: > […] to be honest, I wouldn't accept file names from untrusted sources > on *any* system […] That's one of the wiser things said in this whole thread. > I'd use arbitrary numbers or hashes as the file names, and store the > originally-submitted file

Re: Does This Scare You?

On Mon, 22 Aug 2016 10:56 pm, Random832 wrote: > On Mon, Aug 22, 2016, at 08:39, Chris Angelico wrote: >> Nope. On Windows, you would try/except it. > > No, you can't, because the failure mode often isn't "file refuses to > open" but "data is written to a serial port". Ah, that's a good point.

Re: Does This Scare You?

On Mon, 22 Aug 2016 09:50 pm, Jon Ribbens wrote: > On 2016-08-22, Chris Angelico wrote: >> On Mon, Aug 22, 2016 at 8:33 PM, Jon Ribbens >> wrote: >>> On 2016-08-22, Steve D'Aprano wrote: On Mon, 22 Aug 2016 10:38 am,

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 10:56 PM, Random832 wrote: >> Most of the reserved names will simply give an error; the only way >> you'd actually get incorrect behaviour is if the file name, including >> extension, is exactly a device name. > > I think the reason you believe this

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 12:39 PM, Chris Angelico wrote: > > Nope. On Windows, you would try/except it. There are myriad other ways No, I would not rely on exceptions in this case. Both \\.\CON and \\.\NUL can be opened for both reading and writing, so you may not detect the

Re: Does This Scare You?

On Mon, Aug 22, 2016, at 08:39, Chris Angelico wrote: > Nope. On Windows, you would try/except it. No, you can't, because the failure mode often isn't "file refuses to open" but "data is written to a serial port". There are myriad other ways > something could fail, and the only correct action

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 9:50 PM, Jon Ribbens wrote: > On 2016-08-22, Chris Angelico wrote: >> On Mon, Aug 22, 2016 at 8:33 PM, Jon Ribbens >> wrote: >>> On 2016-08-22, Steve D'Aprano wrote:

Re: Does This Scare You?

explanation of the problem? > > That seems a rather unnecessarily harsh response. Eryksun bought into Lawrence's over-the-top rhetorical question "does this scare you?" by answering "Yes", and repeating the ridiculous term "scary". He specifically said that it s

Re: Does This Scare You?

On 2016-08-22, Chris Angelico wrote: > On Mon, Aug 22, 2016 at 8:33 PM, Jon Ribbens > wrote: >> On 2016-08-22, Steve D'Aprano wrote: >>> On Mon, 22 Aug 2016 10:38 am, eryk sun wrote: To me it's scary that this check

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 8:33 PM, Jon Ribbens wrote: > On 2016-08-22, Steve D'Aprano wrote: >> On Mon, 22 Aug 2016 10:38 am, eryk sun wrote: >>> To me it's scary that this check misses cases because it's trying to >>> be cross-platform

Re: Does This Scare You?

On 2016-08-22, Steve D'Aprano wrote: > On Mon, 22 Aug 2016 10:38 am, eryk sun wrote: >> To me it's scary that this check misses cases because it's trying to >> be cross-platform instead of simply relying on GetFullPathName to do >> the work. For example, it misses at

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 1:26 AM, Chris Angelico wrote: > They're specifically documented as not touching any file system, which > means that they are cross-platform and cannot be guaranteed to be > perfect. If you know you're running on Windows, use WindowsPath > instead (trying

Re: Does This Scare You?

On 8/21/2016 9:08 PM, eryk sun wrote: On Mon, Aug 22, 2016 at 12:44 AM, Chris Angelico wrote: "Trying to be" cross-platform? The point of these path modules is to *be* cross-platform. I can't call Windows APIs on my Linux box (short of messing around with VMs or Wine or

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 11:08 AM, eryk sun wrote: > On Mon, Aug 22, 2016 at 12:44 AM, Chris Angelico wrote: >> "Trying to be" cross-platform? The point of these path modules is to >> *be* cross-platform. I can't call Windows APIs on my Linux box (short >> of

Re: Does This Scare You?

On Mon, 22 Aug 2016 10:38 am, eryk sun wrote: > To me it's scary that this check misses cases because it's trying to > be cross-platform instead of simply relying on GetFullPathName to do > the work. For example, it misses at least the following cases: Instead of shaking in your boots over a

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 12:44 AM, Chris Angelico wrote: > "Trying to be" cross-platform? The point of these path modules is to > *be* cross-platform. I can't call Windows APIs on my Linux box (short > of messing around with VMs or Wine or something, which are > dependencies that

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 10:38 AM, eryk sun wrote: > To me it's scary that this check misses cases because it's trying to > be cross-platform instead of simply relying on GetFullPathName to do > the work. "Trying to be" cross-platform? The point of these path modules is to *be*

Re: Does This Scare You?

On Sun, Aug 21, 2016 at 8:03 PM, Michael Torrie wrote: > On 08/19/2016 05:42 PM, Lawrence D’Oliveiro wrote: >> Python 3.5.2+ (default, Aug 5 2016, 08:07:14) >> [GCC 6.1.1 20160724] on linux >> Type "help", "copyright", "credits" or "license" for more information.

Re: Does This Scare You?

On 08/19/2016 05:42 PM, Lawrence D’Oliveiro wrote: > Python 3.5.2+ (default, Aug 5 2016, 08:07:14) > [GCC 6.1.1 20160724] on linux > Type "help", "copyright", "credits" or "license" for more information. > >>> from pathlib import PureWindowsPath > >>>

Re: Does This Scare You?

On Sat, 20 Aug 2016 11:20:44 +1000, Chris Angelico wrote: > On Sat, Aug 20, 2016 at 11:11 AM, Wildman via Python-list > wrote: >> Since I am fairly new to Python, I realize there is much that I >> still don't know but I don't understand how Windows can have >> reserved

Re: Does This Scare You?

On Sat, Aug 20, 2016 at 11:11 AM, Wildman via Python-list wrote: > Since I am fairly new to Python, I realize there is much that I > still don't know but I don't understand how Windows can have > reserved names on a Linux system. What am I missing? The PureWindowsPath

Re: Does This Scare You?

On Sat, 20 Aug 2016 10:57:37 +1000, Chris Angelico wrote: > On Sat, Aug 20, 2016 at 9:42 AM, Lawrence D’Oliveiro > wrote: >> Python 3.5.2+ (default, Aug 5 2016, 08:07:14) >> [GCC 6.1.1 20160724] on linux >> Type "help", "copyright", "credits" or "license" for

Re: Does This Scare You?

On Sat, Aug 20, 2016 at 9:42 AM, Lawrence D’Oliveiro wrote: > Python 3.5.2+ (default, Aug 5 2016, 08:07:14) > [GCC 6.1.1 20160724] on linux > Type "help", "copyright", "credits" or "license" for more information. > >>> from pathlib import PureWindowsPath >

Does This Scare You?

Python 3.5.2+ (default, Aug 5 2016, 08:07:14) [GCC 6.1.1 20160724] on linux Type "help", "copyright", "credits" or "license" for more information. >>> from pathlib import PureWindowsPath >>> PureWindowsPath("prn").is_reserved() True >>>