STINNER Victor added the comment:
> Suppose conditions:
> - Old linux kernel ignoring flag
> - malicious hacker force use of PLAIN FILE instead of directory
Is it a theorical bug, or are you able to reproduce it?
Old Linux kernel ignores the 0o20000000 bit but O_TMPFILE is 0o20000000 |
os.O_DIRECTORY. So the kernel still ensures that the path is a directory.
tempfile.TemporaryFile() tries to open the path with:
os.open(path, os.O_RDWR |os.O_EXCL | os.O_TMPFILE)
if the 0o20000000 bit is ignored by old kernel, it becomes:
os.open(path, os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
You cannot open a regular file with these flags:
>>> open('x', 'w').close()
>>> os.open('x', os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NotADirectoryError: [Errno 20] Not a directory: 'x'
You cannot open a directory with these flags:
>>> os.open('.', os.O_RDWR |os.O_EXCL | os.O_DIRECTORY)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
IsADirectoryError: [Errno 21] Is a directory: '.'
Same behaviour for symbolic link to a regular file or to a directory.
Please open a new issue if you consider that you found a bug, but please write
a short script reproducing the bug.
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue21515>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
