[issue10905] zipfile: fix arcname with leading '///' or '..'
New submission from Zhigang Wang : We only support arcname with one leading '/', but not more. This patch fixes it. We don't support arcname with '..' well. The default behavior of unzip and 7z is to ignore all '..'. This patch does the same. Also updated the doc. If there are other security related issues exist, we should revise the doc. Please review. -- components: Library (Lib) files: python-zipfile-fix-arcname.patch keywords: patch messages: 126254 nosy: zhigang priority: normal severity: normal status: open title: zipfile: fix arcname with leading '///' or '..' type: security versions: Python 3.3 Added file: http://bugs.python.org/file20404/python-zipfile-fix-arcname.patch ___ Python tracker <http://bugs.python.org/issue10905> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10905] zipfile: fix arcname with leading '///' or '..'
Zhigang Wang added the comment: $ unzip -l t.zip Archive: t.zip Length DateTimeName - -- - 3 01-14-2011 21:11 ../foo 3 01-14-2011 21:11 foo - --- 6 2 files [zhigang@localhost tmp]$ unzip -d aa t.zip Archive: t.zip warning: skipped "../" path component(s) in ../foo extracting: aa/foo replace aa/foo? [y]es, [n]o, [A]ll, [N]one, [r]ename: A extracting: aa/foo $ 7za x -oaa t.zip 7-Zip (A) 9.13 beta Copyright (c) 1999-2010 Igor Pavlov 2010-04-15 p7zip Version 9.13 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,1 CPU) Processing archive: t.zip file aa/foo already exists. Overwrite with ../foo? (Y)es / (N)o / (A)lways / (S)kip all / A(u)to rename all / (Q)uit? A Extracting ../foo Extracting foo Everything is Ok Files: 2 Size: 6 Compressed: 198 -- ___ Python tracker <http://bugs.python.org/issue10905> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10905] zipfile: fix arcname with leading '///' or '..'
Zhigang Wang added the comment: Yes, in zipfile, we just overwrite it. Actually, ZipFile.extract() overwrite existing files already. If we want it more powerful, we can add a 'overwrite' parameter. But turning zipfile a full featured zip/unzip tool needs much more extra work... -- ___ Python tracker <http://bugs.python.org/issue10905> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue6559] [PATCH]add pass_fds paramter to subprocess.Popen()
New submission from Zhigang Wang : The current subprocess.Popen() has a boolean close_fds parameter, which cannot satisfy all the requirements. Eg. want to pass specific fd to child process, but close others. This patch adds a extra parameter pass_fds to subprocess.Popen's __init__(). This parameter only effect when close_fds=True. When close_fds=True, all fds in pass_fds will not closed before exec. -- components: Library (Lib) files: python-subprocess-add-pass-fds.patch keywords: patch messages: 90871 nosy: zhigang severity: normal status: open title: [PATCH]add pass_fds paramter to subprocess.Popen() versions: Python 3.2 Added file: http://bugs.python.org/file14555/python-subprocess-add-pass-fds.patch ___ Python tracker <http://bugs.python.org/issue6559> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5483] [PATCH]Add FastDbfilenameShelf: shelf nerver sync cache even when writeback=True
Zhigang Wang added the comment: Thanks Robert for pointing out issue553171. After read that issue, I still think we paid too much to make shelf less surprising. We should at lease provide a option for the *smart* programmers to get better speed and less exceptions. The write-back-all-cache-on-close feature is easy to document, but hard to accept when you have cached too much data. CCing Alex and Martin for comments. -- nosy: +aleax, loewis ___ Python tracker <http://bugs.python.org/issue5483> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5483] [PATCH]Add FastDbfilenameShelf: shelf nerver sync cache even when writeback=True
New submission from Zhigang Wang :
shelf without writeback=True is too slow, while shelves with
writeback=True takes too much time to close. And even worse, these codes
can not run:
$ cat test_shelve.py
#!/usr/bin/env python
import shelve
store = shelve.open("/tmp/shelve.db", writeback=True)
class Test(object):
pass
def main():
store["a"] = Test()
if __name__ == '__main__':
main()
$ python test_shelve.py
Exception cPickle.PicklingError: "Can't pickle :
it's not the same object as __main__.Test" in ignored
With this module, we can make it to run.
I think it's worth add this function to shelve. We can achieve great
improvement with some avoidable limitations.
The other approach to add this function is to add a extra option the
shelve.open(). We can discuss for which is better.
--
components: Library (Lib)
files: fast_shelf.patch
keywords: patch
messages: 83516
nosy: zhigang
severity: normal
status: open
title: [PATCH]Add FastDbfilenameShelf: shelf nerver sync cache even when
writeback=True
type: feature request
versions: Python 3.1
Added file: http://bugs.python.org/file13317/fast_shelf.patch
___
Python tracker
<http://bugs.python.org/issue5483>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5483] [PATCH]Add FastDbfilenameShelf: shelf nerver sync cache even when writeback=True
Zhigang Wang added the comment: Add some errata of the patch: add the new class to __all__. -- Added file: http://bugs.python.org/file13318/fast_shelf-v2.patch ___ Python tracker <http://bugs.python.org/issue5483> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
